`cd963ec`

production deployment with monitoring & zero-downtime deployment

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 8 months ago

SHA: cd963ec82dd509497696c49ce480025273b415df
Parents: 6f3d442
Tree: 0e6f035

22 changed files

Status	File	+	-
A	`.env.production.example`	50	0
M	`README.md`	166	43
A	`client/Dockerfile`	53	0
A	`client/nginx.conf`	129	0
A	`client/src/components/ErrorBoundary.vue`	248	0
A	`client/src/composables/useErrorHandler.ts`	278	0
A	`client/src/views/SettingsView.vue`	431	0
A	`deploy/production.yml`	257	0
M	`docker-compose.yml`	79	6
A	`monitoring/grafana/dashboards/dashboard.yml`	13	0
A	`monitoring/grafana/datasources/prometheus.yml`	21	0
A	`monitoring/loki.yml`	64	0
A	`monitoring/prometheus.yml`	49	0
A	`monitoring/promtail.yml`	79	0
A	`nginx/nginx.conf`	160	0
A	`nginx/production.conf`	212	0
A	`scripts/deploy.sh`	209	0
A	`scripts/generate-ssl.sh`	53	0
A	`scripts/health-check.sh`	143	0
M	`server/src/index.ts`	4	0
A	`server/src/middleware/cache.ts`	349	0
A	`server/src/middleware/performance.ts`	231	0

.env.production.exampleadded

 +# ZephyrFS Production Configuration
++
 +# Core Configuration
 +NODE_ENV=production
 +PORT=3000
 +HOST=0.0.0.0
++
 +# ZephyrFS Node Configuration
 +ZEPHYRFS_NODE_URL=http://zephyrfs-node:8080
 +ZEPHYRFS_NODE_TIMEOUT=30000
++
 +# Security
 +JWT_SECRET=your-super-secure-jwt-secret-here
 +CORS_ORIGINS=https://your-domain.com,https://api.your-domain.com
++
 +# File Upload Limits
 +MAX_FILE_SIZE=1073741824  # 1GB in bytes
 +MAX_CONCURRENT_UPLOADS=10
++
 +# Logging
 +LOG_LEVEL=info
++
 +# Storage Paths
 +DATA_PATH=/opt/zephyrfs/data
 +SSL_CERTS_PATH=/opt/zephyrfs/ssl
++
 +# Monitoring
 +GRAFANA_PASSWORD=admin
++
 +# Performance Settings
 +CACHE_MAX_SIZE=104857600  # 100MB
 +CACHE_TTL=300000          # 5 minutes
++
 +# Database (if using external DB)
 +# DATABASE_URL=postgresql://user:pass@localhost:5432/zephyrfs
++
 +# Redis (if using external cache)
 +# REDIS_URL=redis://localhost:6379
++
 +# Email (for notifications)
 +# SMTP_HOST=smtp.gmail.com
 +# SMTP_PORT=587
 +# SMTP_USER=your-email@gmail.com
 +# SMTP_PASS=your-app-password
++
 +# S3 Backup (optional)
 +# S3_BUCKET=zephyrfs-backups
 +# S3_ACCESS_KEY=your-access-key
 +# S3_SECRET_KEY=your-secret-key
 +# S3_REGION=us-east-1

README.mdmodified

  # ZephyrFS Web Interface
 -A modern web interface and WebDAV server for ZephyrFS distributed storage system.
 +A modern, responsive web interface for ZephyrFS with zero-knowledge encryption support and production-ready deployment.
  ## Features
 -- **RESTful API** - Complete file management operations
 -- **JWT Authentication** - Secure token-based authentication
 -- **WebDAV Server** - Native OS integration for mounting as network drive
 -- **Real-time Updates** - WebSocket-based status monitoring
 -- **Zero-Knowledge Security** - Preserves ZephyrFS encryption architecture
 -- **High Performance** - Sub-2-second response times with streaming support
 +- **Modern Web UI**: Vue.js 3 + TypeScript + Tailwind CSS
 +- **Zero-Knowledge Encryption**: Client-side encryption with capability-based access
 +- **Real-time Operations**: WebSocket support for live updates
 +- **File Management**: Upload, download, organize files with folder support
 +- **Batch Operations**: Multi-select for bulk operations
 +- **File Preview**: Built-in preview for images, documents, and media
 +- **Mobile Responsive**: Progressive Web App (PWA) support
 +- **WebDAV Server**: Native OS integration for mounting as network drive
 +- **Production Ready**: Docker containerization with monitoring
 +- **High Performance**: Sub-500ms response times with intelligent caching
  ## Quick Start
  ### Development
 -1. **Install dependencies**
 -   ```bash
 -   cd server
 -   npm install
 -   ```
 +```bash
 +# Install dependencies
 +npm install
 -2. **Configure environment**
 -   ```bash
 -   cp .env.example .env
 -   # Edit .env with your settings
 -   ```
 +# Start development servers
 +npm run dev:server    # Backend on :3000
 +npm run dev:client    # Frontend on :5173
 +```
 -3. **Start development server**
 -   ```bash
 -   npm run dev
 -   ```
 +### Production Deployment
 -### Production
 +```bash
 +# Copy and configure environment
 +cp .env.production.example .env.production
 +# Edit .env.production with your settings
 -1. **Build the application**
 -   ```bash
 -   npm run build
 -   ```
 +# Deploy with Docker Swarm
 +./scripts/deploy.sh deploy
 -2. **Start production server**
 -   ```bash
 -   npm start
 -   ```
 +# Check health and performance
 +./scripts/health-check.sh
 +```
 -### Docker
 +### Alternative Deployment
  ```bash
 -docker-compose up -d
 +# Docker Compose
 +docker-compose -f deploy/production.yml up -d
++
 +# Manual deployment
 +npm run build
 +npm run start:prod
  ```
  ## API Endpoints
  - `POST /api/auth/logout` - Logout and invalidate session
  - `GET /api/auth/me` - Get current user info
 -### Files
 -- `GET /api/files` - List files in directory
 -- `POST /api/files/upload` - Upload file
 +### Core Operations
 +- `GET /api/files` - List files and folders
 +- `POST /api/files/upload` - Upload files
  - `GET /api/files/:id/download` - Download file
 -- `GET /api/files/:id/info` - Get file metadata
 -- `DELETE /api/files/:id` - Delete file
 +- `DELETE /api/files/:id` - Delete file/folder
 +- `POST /api/folders` - Create folder
++
 +### Batch Operations
 +- `POST /api/bulk/download` - Bulk download as ZIP
 +- `DELETE /api/bulk/delete` - Bulk delete
 -### Status
 +### Monitoring
  - `GET /api/health` - Health check
 +- `GET /api/metrics` - Performance metrics
 +- `GET /api/cache/stats` - Cache statistics
  - `GET /api/status/network` - Network status
  - `GET /api/status/node` - Node status
  - `GET /api/status/ws` - WebSocket status updates
  - Input validation with Zod schemas
  - Secure error handling (no info leakage)
 +## Architecture
++
 +```
 +┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
 +│   Vue.js Client │────│  Fastify Server │────│  ZephyrFS Node  │
 +│                 │    │                 │    │                 │
 +│ • File Browser  │    │ • REST API      │    │ • Storage Layer │
 +│ • Upload/DL     │    │ • WebSocket     │    │ • Encryption    │
 +│ • Auth UI       │    │ • JWT Auth      │    │ • Deduplication │
 +│ • Real-time     │    │ • Caching       │    │ • Capabilities  │
 +└─────────────────┘    └─────────────────┘    └─────────────────┘
 +```
++
  ## Performance
 -- Sub-200ms API response times
 -- Streaming file uploads/downloads
 -- Efficient chunked transfer
 -- WebSocket real-time updates
 -- Connection pooling and timeouts
 +- **Response Times**: Sub-500ms for all operations
 +- **Caching**: Intelligent multi-layer caching
 +- **Compression**: Gzip compression for all responses
 +- **CDN Ready**: Static asset optimization
 +- **Monitoring**: Prometheus + Grafana metrics
 +- **Streaming**: Efficient file uploads/downloads
 +- **WebSocket**: Real-time updates
 +- **Connection Pooling**: Optimized HTTP connections
++
 +## Security
++
 +- **Zero-Knowledge**: Files encrypted client-side
 +- **JWT Authentication**: Secure token-based auth
 +- **CORS Protection**: Configurable origin restrictions
 +- **Rate Limiting**: API endpoint protection
 +- **TLS Termination**: HTTPS with nginx proxy
 +- **CSP Headers**: Content Security Policy
 +- **Input Validation**: Zod schema validation
 +- **Secure Headers**: HSTS, X-Frame-Options, etc.
++
 +## Deployment Options
++
 +### Docker Swarm (Recommended)
 +```bash
 +./scripts/deploy.sh deploy
 +```
++
 +### Manual Docker
 +```bash
 +docker-compose -f deploy/production.yml up -d
 +```
++
 +### Kubernetes
 +```bash
 +# Coming soon - K8s manifests
 +kubectl apply -f deploy/k8s/
 +```
++
 +## Configuration
++
 +### Environment Variables
++
 +| Variable | Description | Default |
 +|----------|-------------|---------|
 +| `NODE_ENV` | Environment mode | `production` |
 +| `PORT` | Server port | `3000` |
 +| `ZEPHYRFS_NODE_URL` | ZephyrFS node URL | `http://zephyrfs-node:8080` |
 +| `JWT_SECRET` | JWT signing secret | (required) |
 +| `CORS_ORIGINS` | Allowed CORS origins | `https://your-domain.com` |
 +| `MAX_FILE_SIZE` | Max upload size | `1073741824` (1GB) |
 +| `DATA_PATH` | Data storage path | `/opt/zephyrfs/data` |
++
 +### SSL Certificates
++
 +Place SSL certificates in `${SSL_CERTS_PATH}/`:
 +- `cert.pem` - Certificate file
 +- `key.pem` - Private key file
++
 +Or use Let's Encrypt with:
 +```bash
 +certbot certonly --webroot -w /var/www/html -d your-domain.com
 +```
++
 +## Monitoring
++
 +Access monitoring dashboards:
 +- **Grafana**: http://localhost:3001 (admin/admin)
 +- **Prometheus**: http://localhost:9090
 +- **Logs**: `docker service logs zephyrfs_loki`
++
 +## Development
++
 +### Project Structure
 +```
 +zephyrfs-web/
 +├── client/           # Vue.js frontend
 +│   ├── src/
 +│   │   ├── components/
 +│   │   ├── views/
 +│   │   ├── stores/
 +│   │   └── utils/
 +│   └── public/
 +├── server/           # Node.js backend
 +│   ├── src/
 +│   │   ├── routes/
 +│   │   ├── middleware/
 +│   │   └── integration/
 +│   └── tests/
 +├── deploy/           # Production configs
 +├── monitoring/       # Prometheus/Grafana
 +└── scripts/          # Deployment scripts
 +```
++
 +### Testing
 +```bash
 +npm test
 +```
++
 +### Contributing
++
 +1. Fork the repository
 +2. Create feature branch: `git checkout -b feature/name`
 +3. Run tests: `npm test`
 +4. Commit changes: `git commit -m "feat: description"`
 +5. Push branch: `git push origin feature/name`
 +6. Create Pull Request

client/Dockerfileadded

 +# Multi-stage build for Vue.js client
 +FROM node:18-alpine AS builder
++
 +WORKDIR /app
++
 +# Copy package files
 +COPY package*.json ./
 +COPY ../shared ./shared
++
 +# Install dependencies
 +RUN npm ci --only=production
++
 +# Copy source code
 +COPY . .
++
 +# Build the application
 +RUN npm run build
++
 +# Production stage with nginx
 +FROM nginx:alpine
++
 +# Copy built assets
 +COPY --from=builder /app/dist /usr/share/nginx/html
++
 +# Copy nginx configuration
 +COPY nginx.conf /etc/nginx/nginx.conf
++
 +# Create non-root user
 +RUN addgroup -g 1001 -S nodejs && \
 +    adduser -S zephyrfs -u 1001 -G nodejs
++
 +# Set ownership
 +RUN chown -R zephyrfs:nodejs /usr/share/nginx/html && \
 +    chown -R zephyrfs:nodejs /var/cache/nginx && \
 +    chown -R zephyrfs:nodejs /var/log/nginx && \
 +    chown -R zephyrfs:nodejs /etc/nginx/conf.d
++
 +# Make directories writable
 +RUN touch /var/run/nginx.pid && \
 +    chown -R zephyrfs:nodejs /var/run/nginx.pid
++
 +# Switch to non-root user
 +USER zephyrfs
++
 +# Expose port
 +EXPOSE 8080
++
 +# Health check
 +HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
 +  CMD wget --no-verbose --tries=1 --spider http://localhost:8080/ || exit 1
++
 +# Start nginx
 +CMD ["nginx", "-g", "daemon off;"]

client/nginx.confadded

 +user nginx;
 +worker_processes auto;
 +error_log /var/log/nginx/error.log notice;
 +pid /var/run/nginx.pid;
++
 +events {
 +    worker_connections 1024;
 +    use epoll;
 +    multi_accept on;
 +}
++
 +http {
 +    include /etc/nginx/mime.types;
 +    default_type application/octet-stream;
++
 +    # Logging format
 +    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 +                    '$status $body_bytes_sent "$http_referer" '
 +                    '"$http_user_agent" "$http_x_forwarded_for" '
 +                    'rt=$request_time uct="$upstream_connect_time" '
 +                    'uht="$upstream_header_time" urt="$upstream_response_time"';
++
 +    access_log /var/log/nginx/access.log main;
++
 +    # Performance optimizations
 +    sendfile on;
 +    tcp_nopush on;
 +    tcp_nodelay on;
 +    keepalive_timeout 65;
 +    types_hash_max_size 2048;
 +    client_max_body_size 1G;
++
 +    # Gzip compression
 +    gzip on;
 +    gzip_vary on;
 +    gzip_min_length 1024;
 +    gzip_proxied any;
 +    gzip_comp_level 6;
 +    gzip_types
 +        text/plain
 +        text/css
 +        text/xml
 +        text/javascript
 +        application/json
 +        application/javascript
 +        application/xml+rss
 +        application/atom+xml
 +        image/svg+xml;
++
 +    # Security headers
 +    add_header X-Frame-Options DENY always;
 +    add_header X-Content-Type-Options nosniff always;
 +    add_header X-XSS-Protection "1; mode=block" always;
 +    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
++
 +    server {
 +        listen 8080;
 +        listen [::]:8080;
 +        server_name _;
 +        root /usr/share/nginx/html;
 +        index index.html;
++
 +        # Security
 +        server_tokens off;
++
 +        # Static assets with long cache
 +        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
 +            expires 1y;
 +            add_header Cache-Control "public, immutable";
 +            add_header X-Content-Type-Options nosniff;
 +        }
++
 +        # API proxy to backend
 +        location /api/ {
 +            proxy_pass http://web-server:3000;
 +            proxy_http_version 1.1;
 +            proxy_set_header Upgrade $http_upgrade;
 +            proxy_set_header Connection 'upgrade';
 +            proxy_set_header Host $host;
 +            proxy_set_header X-Real-IP $remote_addr;
 +            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +            proxy_set_header X-Forwarded-Proto $scheme;
 +            proxy_cache_bypass $http_upgrade;
 +            proxy_read_timeout 300;
 +            proxy_connect_timeout 300;
 +            proxy_send_timeout 300;
 +        }
++
 +        # WebSocket support for API
 +        location /api/status/ws {
 +            proxy_pass http://web-server:3000;
 +            proxy_http_version 1.1;
 +            proxy_set_header Upgrade $http_upgrade;
 +            proxy_set_header Connection "Upgrade";
 +            proxy_set_header Host $host;
 +            proxy_set_header X-Real-IP $remote_addr;
 +            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +            proxy_set_header X-Forwarded-Proto $scheme;
 +        }
++
 +        # SPA fallback - serve index.html for all routes
 +        location / {
 +            try_files $uri $uri/ /index.html;
 +            add_header Cache-Control "no-cache, no-store, must-revalidate";
 +            add_header Pragma "no-cache";
 +            add_header Expires "0";
 +        }
++
 +        # Health check endpoint
 +        location /health {
 +            access_log off;
 +            return 200 "healthy\n";
 +            add_header Content-Type text/plain;
 +        }
++
 +        # Block access to sensitive files
 +        location ~ /\. {
 +            deny all;
 +            access_log off;
 +            log_not_found off;
 +        }
++
 +        location ~ ^/(package\.json|Dockerfile|docker-compose\.yml)$ {
 +            deny all;
 +            access_log off;
 +            log_not_found off;
 +        }
 +    }
 +}

client/src/components/ErrorBoundary.vueadded

 +<template>
 +  <div v-if="hasError" class="error-boundary">
 +    <div class="min-h-screen bg-gray-50 dark:bg-gray-900 flex items-center justify-center px-4">
 +      <div class="max-w-md w-full">
 +        <!-- Error icon -->
 +        <div class="text-center mb-6">
 +          <ExclamationTriangleIcon class="w-16 h-16 text-red-500 mx-auto mb-4" />
 +          <h1 class="text-2xl font-bold text-gray-900 dark:text-white mb-2">
 +            Something went wrong
 +          </h1>
 +          <p class="text-gray-600 dark:text-gray-400">
 +            We encountered an unexpected error. This has been reported to our team.
 +          </p>
 +        </div>
++
 +        <!-- Error details (development only) -->
 +        <div v-if="showDetails && errorInfo" class="mb-6 p-4 bg-red-50 dark:bg-red-900/20 border border-red-200 dark:border-red-800 rounded-md">
 +          <details class="text-sm">
 +            <summary class="font-medium text-red-800 dark:text-red-200 cursor-pointer">
 +              Error Details
 +            </summary>
 +            <div class="mt-2 text-red-700 dark:text-red-300 space-y-2">
 +              <div>
 +                <strong>Message:</strong> {{ errorInfo.message }}
 +              </div>
 +              <div v-if="errorInfo.stack">
 +                <strong>Stack trace:</strong>
 +                <pre class="mt-1 text-xs bg-red-100 dark:bg-red-900/30 p-2 rounded overflow-x-auto">{{ errorInfo.stack }}</pre>
 +              </div>
 +              <div>
 +                <strong>Timestamp:</strong> {{ new Date(errorInfo.timestamp).toLocaleString() }}
 +              </div>
 +              <div v-if="errorInfo.context">
 +                <strong>Context:</strong>
 +                <pre class="mt-1 text-xs bg-red-100 dark:bg-red-900/30 p-2 rounded overflow-x-auto">{{ JSON.stringify(errorInfo.context, null, 2) }}</pre>
 +              </div>
 +            </div>
 +          </details>
 +        </div>
++
 +        <!-- Actions -->
 +        <div class="flex flex-col sm:flex-row gap-3">
 +          <button
 +            @click="handleReload"
 +            class="btn btn-primary flex-1"
 +          >
 +            <ArrowPathIcon class="w-4 h-4 mr-2" />
 +            Reload Page
 +          </button>
++
 +          <button
 +            @click="handleReset"
 +            class="btn btn-outline flex-1"
 +          >
 +            Reset Application
 +          </button>
 +        </div>
++
 +        <!-- Additional actions -->
 +        <div class="mt-4 text-center space-y-2">
 +          <button
 +            v-if="errorInfo?.retryable"
 +            @click="handleRetry"
 +            class="text-sm text-primary-600 hover:text-primary-700 dark:text-primary-400"
 +          >
 +            Try Last Action Again
 +          </button>
++
 +          <div class="text-xs text-gray-500 dark:text-gray-400">
 +            Error ID: {{ errorInfo?.id || 'unknown' }}
 +          </div>
 +        </div>
++
 +        <!-- Report issue link -->
 +        <div class="mt-6 text-center">
 +          <a
 +            href="https://github.com/anthropics/claude-code/issues"
 +            target="_blank"
 +            rel="noopener noreferrer"
 +            class="text-sm text-gray-500 hover:text-gray-700 dark:text-gray-400 dark:hover:text-gray-300"
 +          >
 +            Report this issue on GitHub →
 +          </a>
 +        </div>
 +      </div>
 +    </div>
 +  </div>
++
 +  <slot v-else />
 +</template>
++
 +<script setup lang="ts">
 +import { ref, onErrorCaptured, onMounted } from 'vue'
 +import { ExclamationTriangleIcon, ArrowPathIcon } from '@heroicons/vue/24/outline'
 +import { useErrorHandler, type ErrorInfo } from '@/composables/useErrorHandler'
++
 +const hasError = ref(false)
 +const errorInfo = ref<ErrorInfo | null>(null)
 +const showDetails = ref(import.meta.env.DEV)
 +const lastAction = ref<Function | null>(null)
++
 +const { handleError } = useErrorHandler()
++
 +// Capture Vue component errors
 +onErrorCaptured((error: Error, instance: any, info: string) => {
 +  const errorDetails = handleError(error, {
 +    component: instance?.$options.name || 'Unknown',
 +    errorInfo: info,
 +    timestamp: Date.now(),
 +  })
++
 +  hasError.value = true
 +  errorInfo.value = {
 +    ...errorDetails,
 +    stack: error.stack,
 +    context: {
 +      ...errorDetails.context,
 +      vueInfo: info,
 +    },
 +  }
++
 +  // Prevent the error from propagating further
 +  return false
 +})
++
 +// Handle global errors
 +onMounted(() => {
 +  const originalOnError = window.onerror
 +  const originalOnUnhandledRejection = window.onunhandledrejection
++
 +  window.onerror = (message, source, lineno, colno, error) => {
 +    if (error) {
 +      const errorDetails = handleError(error, {
 +        source,
 +        lineno,
 +        colno,
 +        timestamp: Date.now(),
 +      })
++
 +      hasError.value = true
 +      errorInfo.value = {
 +        ...errorDetails,
 +        stack: error.stack,
 +      }
 +    }
++
 +    // Call original handler
 +    if (originalOnError) {
 +      return originalOnError(message, source, lineno, colno, error)
 +    }
 +    return false
 +  }
++
 +  window.onunhandledrejection = (event) => {
 +    const errorDetails = handleError(event.reason, {
 +      type: 'unhandled_promise_rejection',
 +      timestamp: Date.now(),
 +    })
++
 +    hasError.value = true
 +    errorInfo.value = errorDetails
++
 +    // Call original handler
 +    if (originalOnUnhandledRejection) {
 +      return originalOnUnhandledRejection(event)
 +    }
 +  }
 +})
++
 +function handleReload() {
 +  window.location.reload()
 +}
++
 +function handleReset() {
 +  // Clear all localStorage/sessionStorage
 +  localStorage.clear()
 +  sessionStorage.clear()
++
 +  // Clear any cached data
 +  if ('caches' in window) {
 +    caches.keys().then(names => {
 +      names.forEach(name => {
 +        caches.delete(name)
 +      })
 +    })
 +  }
++
 +  // Reload the page
 +  window.location.reload()
 +}
++
 +function handleRetry() {
 +  if (lastAction.value) {
 +    hasError.value = false
 +    errorInfo.value = null
++
 +    try {
 +      lastAction.value()
 +    } catch (error) {
 +      // If retry fails, show error again
 +      setTimeout(() => {
 +        const errorDetails = handleError(error, {
 +          retry: true,
 +          timestamp: Date.now(),
 +        })
 +        hasError.value = true
 +        errorInfo.value = errorDetails
 +      }, 100)
 +    }
 +  }
 +}
++
 +// Expose method to manually trigger error boundary
 +function triggerError(error: Error, action?: Function) {
 +  const errorDetails = handleError(error, {
 +    manual: true,
 +    timestamp: Date.now(),
 +  })
++
 +  hasError.value = true
 +  errorInfo.value = errorDetails
 +  lastAction.value = action || null
 +}
++
 +defineExpose({
 +  triggerError,
 +})
 +</script>
++
 +<style scoped>
 +.error-boundary {
 +  position: fixed;
 +  inset: 0;
 +  z-index: 9999;
 +  background: rgba(0, 0, 0, 0.1);
 +  backdrop-filter: blur(4px);
 +}
++
 +pre {
 +  font-family: 'JetBrains Mono', 'Menlo', 'Monaco', monospace;
 +  font-size: 10px;
 +  line-height: 1.4;
 +}
++
 +details[open] summary {
 +  margin-bottom: 8px;
 +}
 +</style>

client/src/composables/useErrorHandler.tsadded

 +import { ref } from 'vue'
++
 +export interface ErrorInfo {
 +  id: string
 +  type: 'network' | 'validation' | 'auth' | 'server' | 'client' | 'unknown'
 +  message: string
 +  details?: string
 +  timestamp: Date
 +  retryable: boolean
 +  context?: Record<string, any>
 +}
++
 +const errors = ref<ErrorInfo[]>([])
++
 +export function useErrorHandler() {
 +  function handleError(error: any, context?: Record<string, any>): ErrorInfo {
 +    const errorInfo = parseError(error, context)
++
 +    // Store error for debugging
 +    errors.value.unshift(errorInfo)
++
 +    // Keep only last 50 errors
 +    if (errors.value.length > 50) {
 +      errors.value.splice(50)
 +    }
++
 +    // Show user notification
 +    showErrorNotification(errorInfo)
++
 +    // Log error for development
 +    if (import.meta.env.DEV) {
 +      console.error('Error handled:', errorInfo, error)
 +    }
++
 +    return errorInfo
 +  }
++
 +  function parseError(error: any, context?: Record<string, any>): ErrorInfo {
 +    const id = crypto.randomUUID()
 +    const timestamp = new Date()
++
 +    // Network errors
 +    if (error.name === 'NetworkError' || error.code === 'NETWORK_ERROR') {
 +      return {
 +        id,
 +        type: 'network',
 +        message: 'Network connection failed',
 +        details: 'Please check your internet connection and try again.',
 +        timestamp,
 +        retryable: true,
 +        context,
 +      }
 +    }
++
 +    // Fetch/Axios errors
 +    if (error.response) {
 +      const status = error.response.status
 +      const data = error.response.data
++
 +      if (status === 401) {
 +        return {
 +          id,
 +          type: 'auth',
 +          message: 'Authentication required',
 +          details: 'Please log in again to continue.',
 +          timestamp,
 +          retryable: false,
 +          context,
 +        }
 +      }
++
 +      if (status === 403) {
 +        return {
 +          id,
 +          type: 'auth',
 +          message: 'Access denied',
 +          details: 'You do not have permission to perform this action.',
 +          timestamp,
 +          retryable: false,
 +          context,
 +        }
 +      }
++
 +      if (status === 404) {
 +        return {
 +          id,
 +          type: 'client',
 +          message: 'Resource not found',
 +          details: 'The requested resource could not be found.',
 +          timestamp,
 +          retryable: false,
 +          context,
 +        }
 +      }
++
 +      if (status === 413) {
 +        return {
 +          id,
 +          type: 'validation',
 +          message: 'File too large',
 +          details: 'The file you are trying to upload exceeds the maximum size limit.',
 +          timestamp,
 +          retryable: false,
 +          context,
 +        }
 +      }
++
 +      if (status === 422) {
 +        return {
 +          id,
 +          type: 'validation',
 +          message: 'Invalid data',
 +          details: data?.message || 'Please check your input and try again.',
 +          timestamp,
 +          retryable: false,
 +          context,
 +        }
 +      }
++
 +      if (status === 429) {
 +        return {
 +          id,
 +          type: 'client',
 +          message: 'Too many requests',
 +          details: 'Please wait a moment before trying again.',
 +          timestamp,
 +          retryable: true,
 +          context,
 +        }
 +      }
++
 +      if (status >= 500) {
 +        return {
 +          id,
 +          type: 'server',
 +          message: 'Server error',
 +          details: 'Something went wrong on our end. Please try again later.',
 +          timestamp,
 +          retryable: true,
 +          context,
 +        }
 +      }
++
 +      return {
 +        id,
 +        type: 'unknown',
 +        message: data?.message || 'An unexpected error occurred',
 +        details: data?.details || `HTTP ${status} error`,
 +        timestamp,
 +        retryable: status >= 500,
 +        context,
 +      }
 +    }
++
 +    // Validation errors
 +    if (error.name === 'ValidationError' || error.type === 'validation') {
 +      return {
 +        id,
 +        type: 'validation',
 +        message: error.message || 'Validation failed',
 +        details: 'Please check your input and try again.',
 +        timestamp,
 +        retryable: false,
 +        context,
 +      }
 +    }
++
 +    // Timeout errors
 +    if (error.name === 'TimeoutError' || error.code === 'ECONNABORTED') {
 +      return {
 +        id,
 +        type: 'network',
 +        message: 'Request timeout',
 +        details: 'The request took too long to complete. Please try again.',
 +        timestamp,
 +        retryable: true,
 +        context,
 +      }
 +    }
++
 +    // Generic error fallback
 +    return {
 +      id,
 +      type: 'unknown',
 +      message: error.message || 'An unexpected error occurred',
 +      details: 'Please try again or contact support if the problem persists.',
 +      timestamp,
 +      retryable: true,
 +      context,
 +    }
 +  }
++
 +  function showErrorNotification(errorInfo: ErrorInfo) {
 +    if (!window.$notify) return
++
 +    const title = getErrorTitle(errorInfo.type)
 +    const duration = errorInfo.retryable ? 8000 : 5000
++
 +    window.$notify.error(errorInfo.message, title, duration)
 +  }
++
 +  function getErrorTitle(type: ErrorInfo['type']): string {
 +    switch (type) {
 +      case 'network':
 +        return 'Connection Error'
 +      case 'auth':
 +        return 'Authentication Error'
 +      case 'validation':
 +        return 'Validation Error'
 +      case 'server':
 +        return 'Server Error'
 +      case 'client':
 +        return 'Client Error'
 +      default:
 +        return 'Error'
 +    }
 +  }
++
 +  function clearErrors() {
 +    errors.value = []
 +  }
++
 +  function getRecentErrors(limit = 10) {
 +    return errors.value.slice(0, limit)
 +  }
++
 +  function retry(originalFunction: Function, errorInfo: ErrorInfo) {
 +    if (!errorInfo.retryable) {
 +      window.$notify?.warning('This action cannot be retried')
 +      return
 +    }
++
 +    try {
 +      return originalFunction()
 +    } catch (error) {
 +      handleError(error, { ...errorInfo.context, retry: true })
 +    }
 +  }
++
 +  return {
 +    handleError,
 +    clearErrors,
 +    getRecentErrors,
 +    retry,
 +    errors: errors.value,
 +  }
 +}
++
 +// Global error handler for uncaught errors
 +export function setupGlobalErrorHandler() {
 +  const { handleError } = useErrorHandler()
++
 +  // Handle uncaught JavaScript errors
 +  window.addEventListener('error', (event) => {
 +    handleError(event.error, {
 +      filename: event.filename,
 +      lineno: event.lineno,
 +      colno: event.colno,
 +    })
 +  })
++
 +  // Handle unhandled promise rejections
 +  window.addEventListener('unhandledrejection', (event) => {
 +    handleError(event.reason, {
 +      type: 'unhandled_promise_rejection',
 +    })
 +  })
++
 +  // Handle Vue errors (if using Vue)
 +  if (window.Vue) {
 +    window.Vue.config.errorHandler = (error: Error, instance: any, info: string) => {
 +      handleError(error, {
 +        component: instance?.$options.name || 'Unknown',
 +        info,
 +      })
 +    }
 +  }
 +}

client/src/views/SettingsView.vueadded

 +<template>
 +  <AppLayout>
 +    <div class="settings-view">
 +      <div class="max-w-4xl mx-auto py-8 px-4">
 +        <h1 class="text-2xl font-bold text-gray-900 dark:text-white mb-8">Settings</h1>
++
 +        <!-- Settings sections -->
 +        <div class="space-y-8">
 +          <!-- Appearance -->
 +          <div class="card">
 +            <div class="card-header">
 +              <h2 class="text-lg font-semibold text-gray-900 dark:text-white">Appearance</h2>
 +              <p class="text-sm text-gray-600 dark:text-gray-400">Customize the look and feel</p>
 +            </div>
 +            <div class="card-body space-y-4">
 +              <!-- Theme -->
 +              <div class="flex items-center justify-between">
 +                <div>
 +                  <label class="text-sm font-medium text-gray-700 dark:text-gray-300">Theme</label>
 +                  <p class="text-xs text-gray-500 dark:text-gray-400">Choose your preferred color scheme</p>
 +                </div>
 +                <select
 +                  v-model="settings.theme"
 +                  @change="updateSetting('theme', $event.target.value)"
 +                  class="input w-32"
 +                >
 +                  <option value="system">System</option>
 +                  <option value="light">Light</option>
 +                  <option value="dark">Dark</option>
 +                </select>
 +              </div>
++
 +              <!-- Language -->
 +              <div class="flex items-center justify-between">
 +                <div>
 +                  <label class="text-sm font-medium text-gray-700 dark:text-gray-300">Language</label>
 +                  <p class="text-xs text-gray-500 dark:text-gray-400">Select your preferred language</p>
 +                </div>
 +                <select
 +                  v-model="settings.language"
 +                  @change="updateSetting('language', $event.target.value)"
 +                  class="input w-32"
 +                >
 +                  <option value="en">English</option>
 +                  <option value="es">Español</option>
 +                  <option value="fr">Français</option>
 +                  <option value="de">Deutsch</option>
 +                </select>
 +              </div>
++
 +              <!-- File view -->
 +              <div class="flex items-center justify-between">
 +                <div>
 +                  <label class="text-sm font-medium text-gray-700 dark:text-gray-300">Default file view</label>
 +                  <p class="text-xs text-gray-500 dark:text-gray-400">How files are displayed by default</p>
 +                </div>
 +                <select
 +                  v-model="settings.defaultFileView"
 +                  @change="updateSetting('defaultFileView', $event.target.value)"
 +                  class="input w-32"
 +                >
 +                  <option value="grid">Grid</option>
 +                  <option value="list">List</option>
 +                </select>
 +              </div>
 +            </div>
 +          </div>
++
 +          <!-- Files & Storage -->
 +          <div class="card">
 +            <div class="card-header">
 +              <h2 class="text-lg font-semibold text-gray-900 dark:text-white">Files & Storage</h2>
 +              <p class="text-sm text-gray-600 dark:text-gray-400">Configure file handling preferences</p>
 +            </div>
 +            <div class="card-body space-y-4">
 +              <!-- Auto-encrypt -->
 +              <div class="flex items-center justify-between">
 +                <div>
 +                  <label class="text-sm font-medium text-gray-700 dark:text-gray-300">Auto-encrypt uploads</label>
 +                  <p class="text-xs text-gray-500 dark:text-gray-400">Automatically encrypt all uploaded files</p>
 +                </div>
 +                <label class="relative inline-flex items-center cursor-pointer">
 +                  <input
 +                    v-model="settings.autoEncrypt"
 +                    @change="updateSetting('autoEncrypt', $event.target.checked)"
 +                    type="checkbox"
 +                    class="sr-only peer"
 +                  />
 +                  <div class="w-11 h-6 bg-gray-200 dark:bg-gray-700 peer-focus:outline-none peer-focus:ring-4 peer-focus:ring-primary-300 dark:peer-focus:ring-primary-800 rounded-full peer peer-checked:after:translate-x-full peer-checked:after:border-white after:content-[''] after:absolute after:top-[2px] after:left-[2px] after:bg-white after:border-gray-300 after:border after:rounded-full after:h-5 after:w-5 after:transition-all dark:border-gray-600 peer-checked:bg-primary-600"></div>
 +                </label>
 +              </div>
++
 +              <!-- Default upload folder -->
 +              <div class="flex items-center justify-between">
 +                <div>
 +                  <label class="text-sm font-medium text-gray-700 dark:text-gray-300">Default upload folder</label>
 +                  <p class="text-xs text-gray-500 dark:text-gray-400">Where new files are uploaded by default</p>
 +                </div>
 +                <input
 +                  v-model="settings.defaultUploadFolder"
 +                  @blur="updateSetting('defaultUploadFolder', $event.target.value)"
 +                  type="text"
 +                  placeholder="/uploads"
 +                  class="input w-48"
 +                />
 +              </div>
++
 +              <!-- Max file size -->
 +              <div class="flex items-center justify-between">
 +                <div>
 +                  <label class="text-sm font-medium text-gray-700 dark:text-gray-300">Max upload size</label>
 +                  <p class="text-xs text-gray-500 dark:text-gray-400">Maximum file size for uploads</p>
 +                </div>
 +                <select
 +                  v-model="settings.maxUploadSize"
 +                  @change="updateSetting('maxUploadSize', parseInt($event.target.value))"
 +                  class="input w-32"
 +                >
 +                  <option :value="100 * 1024 * 1024">100 MB</option>
 +                  <option :value="500 * 1024 * 1024">500 MB</option>
 +                  <option :value="1024 * 1024 * 1024">1 GB</option>
 +                  <option :value="5 * 1024 * 1024 * 1024">5 GB</option>
 +                </select>
 +              </div>
 +            </div>
 +          </div>
++
 +          <!-- Privacy & Security -->
 +          <div class="card">
 +            <div class="card-header">
 +              <h2 class="text-lg font-semibold text-gray-900 dark:text-white">Privacy & Security</h2>
 +              <p class="text-sm text-gray-600 dark:text-gray-400">Control your privacy and security settings</p>
 +            </div>
 +            <div class="card-body space-y-4">
 +              <!-- Session timeout -->
 +              <div class="flex items-center justify-between">
 +                <div>
 +                  <label class="text-sm font-medium text-gray-700 dark:text-gray-300">Session timeout</label>
 +                  <p class="text-xs text-gray-500 dark:text-gray-400">Automatically log out after inactivity</p>
 +                </div>
 +                <select
 +                  v-model="settings.sessionTimeout"
 +                  @change="updateSetting('sessionTimeout', parseInt($event.target.value))"
 +                  class="input w-32"
 +                >
 +                  <option :value="30">30 minutes</option>
 +                  <option :value="60">1 hour</option>
 +                  <option :value="240">4 hours</option>
 +                  <option :value="480">8 hours</option>
 +                  <option :value="0">Never</option>
 +                </select>
 +              </div>
++
 +              <!-- Clear data on logout -->
 +              <div class="flex items-center justify-between">
 +                <div>
 +                  <label class="text-sm font-medium text-gray-700 dark:text-gray-300">Clear data on logout</label>
 +                  <p class="text-xs text-gray-500 dark:text-gray-400">Remove cached data when you log out</p>
 +                </div>
 +                <label class="relative inline-flex items-center cursor-pointer">
 +                  <input
 +                    v-model="settings.clearDataOnLogout"
 +                    @change="updateSetting('clearDataOnLogout', $event.target.checked)"
 +                    type="checkbox"
 +                    class="sr-only peer"
 +                  />
 +                  <div class="w-11 h-6 bg-gray-200 dark:bg-gray-700 peer-focus:outline-none peer-focus:ring-4 peer-focus:ring-primary-300 dark:peer-focus:ring-primary-800 rounded-full peer peer-checked:after:translate-x-full peer-checked:after:border-white after:content-[''] after:absolute after:top-[2px] after:left-[2px] after:bg-white after:border-gray-300 after:border after:rounded-full after:h-5 after:w-5 after:transition-all dark:border-gray-600 peer-checked:bg-primary-600"></div>
 +                </label>
 +              </div>
 +            </div>
 +          </div>
++
 +          <!-- Notifications -->
 +          <div class="card">
 +            <div class="card-header">
 +              <h2 class="text-lg font-semibold text-gray-900 dark:text-white">Notifications</h2>
 +              <p class="text-sm text-gray-600 dark:text-gray-400">Choose what notifications you receive</p>
 +            </div>
 +            <div class="card-body space-y-4">
 +              <!-- Upload notifications -->
 +              <div class="flex items-center justify-between">
 +                <div>
 +                  <label class="text-sm font-medium text-gray-700 dark:text-gray-300">Upload notifications</label>
 +                  <p class="text-xs text-gray-500 dark:text-gray-400">Show notifications when uploads complete</p>
 +                </div>
 +                <label class="relative inline-flex items-center cursor-pointer">
 +                  <input
 +                    v-model="settings.notifyUploads"
 +                    @change="updateSetting('notifyUploads', $event.target.checked)"
 +                    type="checkbox"
 +                    class="sr-only peer"
 +                  />
 +                  <div class="w-11 h-6 bg-gray-200 dark:bg-gray-700 peer-focus:outline-none peer-focus:ring-4 peer-focus:ring-primary-300 dark:peer-focus:ring-primary-800 rounded-full peer peer-checked:after:translate-x-full peer-checked:after:border-white after:content-[''] after:absolute after:top-[2px] after:left-[2px] after:bg-white after:border-gray-300 after:border after:rounded-full after:h-5 after:w-5 after:transition-all dark:border-gray-600 peer-checked:bg-primary-600"></div>
 +                </label>
 +              </div>
++
 +              <!-- Error notifications -->
 +              <div class="flex items-center justify-between">
 +                <div>
 +                  <label class="text-sm font-medium text-gray-700 dark:text-gray-300">Error notifications</label>
 +                  <p class="text-xs text-gray-500 dark:text-gray-400">Show notifications when errors occur</p>
 +                </div>
 +                <label class="relative inline-flex items-center cursor-pointer">
 +                  <input
 +                    v-model="settings.notifyErrors"
 +                    @change="updateSetting('notifyErrors', $event.target.checked)"
 +                    type="checkbox"
 +                    class="sr-only peer"
 +                  />
 +                  <div class="w-11 h-6 bg-gray-200 dark:bg-gray-700 peer-focus:outline-none peer-focus:ring-4 peer-focus:ring-primary-300 dark:peer-focus:ring-primary-800 rounded-full peer peer-checked:after:translate-x-full peer-checked:after:border-white after:content-[''] after:absolute after:top-[2px] after:left-[2px] after:bg-white after:border-gray-300 after:border after:rounded-full after:h-5 after:w-5 after:transition-all dark:border-gray-600 peer-checked:bg-primary-600"></div>
 +                </label>
 +              </div>
 +            </div>
 +          </div>
++
 +          <!-- Actions -->
 +          <div class="card">
 +            <div class="card-header">
 +              <h2 class="text-lg font-semibold text-gray-900 dark:text-white">Actions</h2>
 +              <p class="text-sm text-gray-600 dark:text-gray-400">Manage your account and data</p>
 +            </div>
 +            <div class="card-body space-y-4">
 +              <!-- Export settings -->
 +              <div class="flex items-center justify-between">
 +                <div>
 +                  <label class="text-sm font-medium text-gray-700 dark:text-gray-300">Export settings</label>
 +                  <p class="text-xs text-gray-500 dark:text-gray-400">Download your settings as a file</p>
 +                </div>
 +                <button @click="exportSettings" class="btn btn-outline">
 +                  Export
 +                </button>
 +              </div>
++
 +              <!-- Import settings -->
 +              <div class="flex items-center justify-between">
 +                <div>
 +                  <label class="text-sm font-medium text-gray-700 dark:text-gray-300">Import settings</label>
 +                  <p class="text-xs text-gray-500 dark:text-gray-400">Restore settings from a file</p>
 +                </div>
 +                <div class="flex items-center space-x-2">
 +                  <input
 +                    ref="importInput"
 +                    type="file"
 +                    accept=".json"
 +                    @change="importSettings"
 +                    class="hidden"
 +                  />
 +                  <button @click="$refs.importInput.click()" class="btn btn-outline">
 +                    Import
 +                  </button>
 +                </div>
 +              </div>
++
 +              <!-- Reset settings -->
 +              <div class="flex items-center justify-between">
 +                <div>
 +                  <label class="text-sm font-medium text-gray-700 dark:text-gray-300">Reset to defaults</label>
 +                  <p class="text-xs text-gray-500 dark:text-gray-400">Restore all settings to their default values</p>
 +                </div>
 +                <button @click="resetSettings" class="btn btn-danger">
 +                  Reset
 +                </button>
 +              </div>
 +            </div>
 +          </div>
 +        </div>
 +      </div>
 +    </div>
 +  </AppLayout>
 +</template>
++
 +<script setup lang="ts">
 +import { ref, reactive, onMounted } from 'vue'
 +import AppLayout from '@/components/AppLayout.vue'
++
 +interface Settings {
 +  theme: 'system' | 'light' | 'dark'
 +  language: string
 +  defaultFileView: 'grid' | 'list'
 +  autoEncrypt: boolean
 +  defaultUploadFolder: string
 +  maxUploadSize: number
 +  sessionTimeout: number
 +  clearDataOnLogout: boolean
 +  notifyUploads: boolean
 +  notifyErrors: boolean
 +}
++
 +const defaultSettings: Settings = {
 +  theme: 'system',
 +  language: 'en',
 +  defaultFileView: 'grid',
 +  autoEncrypt: false,
 +  defaultUploadFolder: '/uploads',
 +  maxUploadSize: 1024 * 1024 * 1024, // 1GB
 +  sessionTimeout: 60, // 1 hour
 +  clearDataOnLogout: true,
 +  notifyUploads: true,
 +  notifyErrors: true,
 +}
++
 +const settings = reactive<Settings>({ ...defaultSettings })
 +const importInput = ref<HTMLInputElement>()
++
 +function loadSettings() {
 +  try {
 +    const saved = localStorage.getItem('zephyrfs_settings')
 +    if (saved) {
 +      const parsed = JSON.parse(saved)
 +      Object.assign(settings, { ...defaultSettings, ...parsed })
 +    }
 +  } catch (error) {
 +    console.warn('Failed to load settings:', error)
 +  }
 +}
++
 +function saveSettings() {
 +  try {
 +    localStorage.setItem('zephyrfs_settings', JSON.stringify(settings))
 +  } catch (error) {
 +    console.error('Failed to save settings:', error)
 +    if (window.$notify) {
 +      window.$notify.error('Failed to save settings')
 +    }
 +  }
 +}
++
 +function updateSetting(key: keyof Settings, value: any) {
 +  (settings as any)[key] = value
 +  saveSettings()
++
 +  // Apply certain settings immediately
 +  if (key === 'theme') {
 +    applyTheme(value)
 +  }
++
 +  if (window.$notify) {
 +    window.$notify.success('Setting updated')
 +  }
 +}
++
 +function applyTheme(theme: string) {
 +  const html = document.documentElement
++
 +  if (theme === 'dark') {
 +    html.classList.add('dark')
 +  } else if (theme === 'light') {
 +    html.classList.remove('dark')
 +  } else {
 +    // System theme
 +    const prefersDark = window.matchMedia('(prefers-color-scheme: dark)').matches
 +    html.classList.toggle('dark', prefersDark)
 +  }
 +}
++
 +function exportSettings() {
 +  try {
 +    const data = JSON.stringify(settings, null, 2)
 +    const blob = new Blob([data], { type: 'application/json' })
 +    const url = URL.createObjectURL(blob)
++
 +    const link = document.createElement('a')
 +    link.href = url
 +    link.download = `zephyrfs-settings-${new Date().toISOString().split('T')[0]}.json`
 +    document.body.appendChild(link)
 +    link.click()
 +    document.body.removeChild(link)
++
 +    URL.revokeObjectURL(url)
++
 +    if (window.$notify) {
 +      window.$notify.success('Settings exported successfully')
 +    }
 +  } catch (error) {
 +    console.error('Failed to export settings:', error)
 +    if (window.$notify) {
 +      window.$notify.error('Failed to export settings')
 +    }
 +  }
 +}
++
 +function importSettings(event: Event) {
 +  const file = (event.target as HTMLInputElement).files?.[0]
 +  if (!file) return
++
 +  const reader = new FileReader()
 +  reader.onload = (e) => {
 +    try {
 +      const imported = JSON.parse(e.target?.result as string)
 +      Object.assign(settings, { ...defaultSettings, ...imported })
 +      saveSettings()
++
 +      // Apply theme immediately
 +      applyTheme(settings.theme)
++
 +      if (window.$notify) {
 +        window.$notify.success('Settings imported successfully')
 +      }
 +    } catch (error) {
 +      console.error('Failed to import settings:', error)
 +      if (window.$notify) {
 +        window.$notify.error('Failed to import settings. Please check the file format.')
 +      }
 +    }
 +  }
++
 +  reader.readAsText(file)
++
 +  // Reset input
 +  if (importInput.value) {
 +    importInput.value.value = ''
 +  }
 +}
++
 +function resetSettings() {
 +  if (confirm('Are you sure you want to reset all settings to their defaults? This action cannot be undone.')) {
 +    Object.assign(settings, defaultSettings)
 +    saveSettings()
 +    applyTheme(settings.theme)
++
 +    if (window.$notify) {
 +      window.$notify.success('Settings reset to defaults')
 +    }
 +  }
 +}
++
 +onMounted(() => {
 +  loadSettings()
 +  applyTheme(settings.theme)
 +})
 +</script>

deploy/production.ymladded

 +version: '3.8'
++
 +services:
 +  # Frontend (Vue.js + nginx)
 +  web-client:
 +    image: zephyrfs/web-client:latest
 +    deploy:
 +      replicas: 2
 +      restart_policy:
 +        condition: on-failure
 +        delay: 5s
 +        max_attempts: 3
 +      resources:
 +        limits:
 +          memory: 512M
 +          cpus: '0.5'
 +        reservations:
 +          memory: 256M
 +          cpus: '0.25'
 +    environment:
 +      - NODE_ENV=production
 +    networks:
 +      - zephyrfs-frontend
 +      - zephyrfs-backend
 +    volumes:
 +      - web-logs:/var/log/nginx
 +    healthcheck:
 +      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/health"]
 +      interval: 30s
 +      timeout: 10s
 +      retries: 3
 +      start_period: 40s
++
 +  # Backend API server
 +  web-server:
 +    image: zephyrfs/web-server:latest
 +    deploy:
 +      replicas: 3
 +      restart_policy:
 +        condition: on-failure
 +        delay: 5s
 +        max_attempts: 3
 +      resources:
 +        limits:
 +          memory: 1G
 +          cpus: '1.0'
 +        reservations:
 +          memory: 512M
 +          cpus: '0.5'
 +    environment:
 +      - NODE_ENV=production
 +      - ZEPHYRFS_NODE_URL=http://zephyrfs-node:8080
 +      - JWT_SECRET=${JWT_SECRET}
 +      - LOG_LEVEL=info
 +      - CORS_ORIGINS=${CORS_ORIGINS:-https://your-domain.com}
 +      - PORT=3000
 +    secrets:
 +      - jwt_secret
 +    volumes:
 +      - web-logs:/app/logs
 +    networks:
 +      - zephyrfs-backend
 +    healthcheck:
 +      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/api/health"]
 +      interval: 30s
 +      timeout: 10s
 +      retries: 3
 +      start_period: 40s
++
 +  # ZephyrFS core node
 +  zephyrfs-node:
 +    image: zephyrfs/node:latest
 +    deploy:
 +      replicas: 1
 +      restart_policy:
 +        condition: on-failure
 +        delay: 10s
 +        max_attempts: 3
 +      resources:
 +        limits:
 +          memory: 2G
 +          cpus: '2.0'
 +        reservations:
 +          memory: 1G
 +          cpus: '1.0'
 +    environment:
 +      - RUST_LOG=info
 +      - ZEPHYRFS_DATA_DIR=/data
 +      - ZEPHYRFS_BIND_ADDR=0.0.0.0:8080
 +    volumes:
 +      - zephyrfs-data:/data
 +      - node-logs:/logs
 +    networks:
 +      - zephyrfs-backend
 +    healthcheck:
 +      test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
 +      interval: 30s
 +      timeout: 10s
 +      retries: 3
 +      start_period: 60s
++
 +  # Load balancer with TLS termination
 +  nginx-proxy:
 +    image: nginx:alpine
 +    ports:
 +      - "443:443"
 +      - "80:80"
 +    deploy:
 +      replicas: 2
 +      restart_policy:
 +        condition: on-failure
 +        delay: 5s
 +        max_attempts: 3
 +      resources:
 +        limits:
 +          memory: 256M
 +          cpus: '0.5'
 +        reservations:
 +          memory: 128M
 +          cpus: '0.25'
 +    volumes:
 +      - ./nginx/production.conf:/etc/nginx/nginx.conf:ro
 +      - ssl-certs:/etc/nginx/ssl:ro
 +      - nginx-logs:/var/log/nginx
 +    networks:
 +      - zephyrfs-frontend
 +    depends_on:
 +      - web-client
 +    healthcheck:
 +      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost/health"]
 +      interval: 30s
 +      timeout: 10s
 +      retries: 3
++
 +  # Monitoring and logging
 +  prometheus:
 +    image: prom/prometheus:latest
 +    ports:
 +      - "9090:9090"
 +    deploy:
 +      replicas: 1
 +      resources:
 +        limits:
 +          memory: 512M
 +          cpus: '0.5'
 +    volumes:
 +      - ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro
 +      - prometheus-data:/prometheus
 +    networks:
 +      - zephyrfs-monitoring
 +    command:
 +      - '--config.file=/etc/prometheus/prometheus.yml'
 +      - '--storage.tsdb.path=/prometheus'
 +      - '--web.console.libraries=/etc/prometheus/console_libraries'
 +      - '--web.console.templates=/etc/prometheus/consoles'
 +      - '--web.enable-lifecycle'
++
 +  grafana:
 +    image: grafana/grafana:latest
 +    ports:
 +      - "3001:3000"
 +    deploy:
 +      replicas: 1
 +      resources:
 +        limits:
 +          memory: 256M
 +          cpus: '0.25'
 +    environment:
 +      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:-admin}
 +      - GF_INSTALL_PLUGINS=grafana-piechart-panel
 +    volumes:
 +      - grafana-data:/var/lib/grafana
 +      - ./monitoring/grafana/dashboards:/etc/grafana/provisioning/dashboards:ro
 +      - ./monitoring/grafana/datasources:/etc/grafana/provisioning/datasources:ro
 +    networks:
 +      - zephyrfs-monitoring
++
 +  # Log aggregation
 +  loki:
 +    image: grafana/loki:latest
 +    ports:
 +      - "3100:3100"
 +    deploy:
 +      replicas: 1
 +      resources:
 +        limits:
 +          memory: 512M
 +          cpus: '0.5'
 +    volumes:
 +      - ./monitoring/loki.yml:/etc/loki/local-config.yaml:ro
 +      - loki-data:/loki
 +    networks:
 +      - zephyrfs-monitoring
 +    command: -config.file=/etc/loki/local-config.yaml
++
 +  promtail:
 +    image: grafana/promtail:latest
 +    deploy:
 +      replicas: 1
 +      resources:
 +        limits:
 +          memory: 128M
 +          cpus: '0.25'
 +    volumes:
 +      - /var/log:/var/log:ro
 +      - web-logs:/var/log/web:ro
 +      - node-logs:/var/log/node:ro
 +      - nginx-logs:/var/log/nginx:ro
 +      - ./monitoring/promtail.yml:/etc/promtail/config.yml:ro
 +    networks:
 +      - zephyrfs-monitoring
 +    command: -config.file=/etc/promtail/config.yml
++
 +volumes:
 +  zephyrfs-data:
 +    driver: local
 +    driver_opts:
 +      type: none
 +      o: bind
 +      device: ${DATA_PATH:-/opt/zephyrfs/data}
 +  web-logs:
 +    driver: local
 +  node-logs:
 +    driver: local
 +  nginx-logs:
 +    driver: local
 +  prometheus-data:
 +    driver: local
 +  grafana-data:
 +    driver: local
 +  loki-data:
 +    driver: local
 +  ssl-certs:
 +    driver: local
 +    driver_opts:
 +      type: none
 +      o: bind
 +      device: ${SSL_CERTS_PATH:-/opt/zephyrfs/ssl}
++
 +networks:
 +  zephyrfs-frontend:
 +    driver: overlay
 +    attachable: true
 +  zephyrfs-backend:
 +    driver: overlay
 +    internal: true
 +  zephyrfs-monitoring:
 +    driver: overlay
 +    internal: true
++
 +secrets:
 +  jwt_secret:
 +    external: true
++
 +configs:
 +  nginx_config:
 +    external: true

docker-compose.ymlmodified

  version: '3.8'
  services:
 +  # Frontend (Vue.js + nginx)
 +  web-client:
 +    build:
 +      context: ./client
 +      dockerfile: Dockerfile
 +    ports:
 +      - "80:8080"
 +    environment:
 +      - NODE_ENV=production
 +    depends_on:
 +      - web-server
 +    networks:
 +      - zephyrfs
 +    restart: unless-stopped
 +    healthcheck:
 +      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/health"]
 +      interval: 30s
 +      timeout: 10s
 +      retries: 3
 +      start_period: 40s
++
 +  # Backend API server
    web-server:
      build:
        context: ./server
      ports:
        - "3000:3000"
      environment:
 -      - NODE_ENV=development
 -      - ZEPHYRFS_NODE_URL=http://localhost:8080
 -      - JWT_SECRET=your-jwt-secret-change-in-production
 +      - NODE_ENV=production
 +      - ZEPHYRFS_NODE_URL=http://zephyrfs-node:8080
 +      - JWT_SECRET=${JWT_SECRET:-change-this-in-production-min-32-chars-long}
 +      - LOG_LEVEL=info
 +      - CORS_ORIGINS=http://localhost
      volumes:
 -      - ./server/src:/app/src:ro
 -      - ./server/dist:/app/dist
 +      - web-logs:/app/logs
      depends_on:
        - zephyrfs-node
      networks:
        - zephyrfs
 +    restart: unless-stopped
 +    healthcheck:
 +      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/api/health"]
 +      interval: 30s
 +      timeout: 10s
 +      retries: 3
 +      start_period: 40s
 +  # ZephyrFS core node
    zephyrfs-node:
      image: zephyrfs-node:latest
      ports:
        - "8080:8080"
      volumes:
        - zephyrfs-data:/data
 +      - node-logs:/logs
 +    environment:
 +      - RUST_LOG=info
 +      - ZEPHYRFS_DATA_DIR=/data
 +    networks:
 +      - zephyrfs
 +    restart: unless-stopped
 +    healthcheck:
 +      test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
 +      interval: 30s
 +      timeout: 10s
 +      retries: 3
 +      start_period: 60s
++
 +  # Reverse proxy with TLS termination
 +  nginx-proxy:
 +    image: nginx:alpine
 +    ports:
 +      - "443:443"
 +      - "80:80"
 +    volumes:
 +      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
 +      - ./nginx/ssl:/etc/nginx/ssl:ro
 +      - nginx-logs:/var/log/nginx
 +    depends_on:
 +      - web-client
      networks:
        - zephyrfs
 +    restart: unless-stopped
 +    healthcheck:
 +      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost/health"]
 +      interval: 30s
 +      timeout: 10s
 +      retries: 3
  volumes:
    zephyrfs-data:
 +    driver: local
 +  web-logs:
 +    driver: local
 +  node-logs:
 +    driver: local
 +  nginx-logs:
 +    driver: local
  networks:
    zephyrfs:
 -    driver: bridge
 +    driver: bridge
 +    ipam:
 +      config:
 +        - subnet: 172.20.0.0/16

monitoring/grafana/dashboards/dashboard.ymladded

 +apiVersion: 1
++
 +providers:
 +  - name: 'default'
 +    orgId: 1
 +    folder: ''
 +    type: file
 +    disableDeletion: false
 +    editable: true
 +    updateIntervalSeconds: 10
 +    allowUiUpdates: true
 +    options:
 +      path: /etc/grafana/provisioning/dashboards

monitoring/grafana/datasources/prometheus.ymladded

 +apiVersion: 1
++
 +datasources:
 +  - name: Prometheus
 +    type: prometheus
 +    access: proxy
 +    url: http://prometheus:9090
 +    isDefault: true
 +    jsonData:
 +      httpMethod: POST
 +      prometheusType: Prometheus
 +      prometheusVersion: 2.40.0
 +    editable: true
++
 +  - name: Loki
 +    type: loki
 +    access: proxy
 +    url: http://loki:3100
 +    jsonData:
 +      maxLines: 1000
 +    editable: true

monitoring/loki.ymladded

 +auth_enabled: false
++
 +server:
 +  http_listen_port: 3100
 +  grpc_listen_port: 9096
++
 +common:
 +  path_prefix: /loki
 +  storage:
 +    filesystem:
 +      chunks_directory: /loki/chunks
 +      rules_directory: /loki/rules
 +  replication_factor: 1
 +  ring:
 +    instance_addr: 127.0.0.1
 +    kvstore:
 +      store: inmemory
++
 +schema_config:
 +  configs:
 +    - from: 2020-10-24
 +      store: boltdb-shipper
 +      object_store: filesystem
 +      schema: v11
 +      index:
 +        prefix: index_
 +        period: 24h
++
 +storage_config:
 +  boltdb_shipper:
 +    active_index_directory: /loki/boltdb-shipper-active
 +    cache_location: /loki/boltdb-shipper-cache
 +    shared_store: filesystem
 +  filesystem:
 +    directory: /loki/chunks
++
 +compactor:
 +  working_directory: /loki/boltdb-shipper-compactor
 +  shared_store: filesystem
++
 +limits_config:
 +  reject_old_samples: true
 +  reject_old_samples_max_age: 168h
 +  ingestion_rate_mb: 16
 +  ingestion_burst_size_mb: 32
++
 +chunk_store_config:
 +  max_look_back_period: 0s
++
 +table_manager:
 +  retention_deletes_enabled: false
 +  retention_period: 0s
++
 +ruler:
 +  storage:
 +    type: local
 +    local:
 +      directory: /loki/rules
 +  rule_path: /loki/rules
 +  alertmanager_url: http://alertmanager:9093
 +  ring:
 +    kvstore:
 +      store: inmemory
 +  enable_api: true

monitoring/prometheus.ymladded

 +global:
 +  scrape_interval: 15s
 +  evaluation_interval: 15s
++
 +rule_files:
 +  - "alert_rules.yml"
++
 +alerting:
 +  alertmanagers:
 +    - static_configs:
 +        - targets:
 +          - alertmanager:9093
++
 +scrape_configs:
 +  - job_name: 'prometheus'
 +    static_configs:
 +      - targets: ['localhost:9090']
++
 +  - job_name: 'zephyrfs-web-server'
 +    static_configs:
 +      - targets: ['web-server:3000']
 +    scrape_interval: 30s
 +    metrics_path: '/api/metrics'
 +    scheme: http
++
 +  - job_name: 'zephyrfs-node'
 +    static_configs:
 +      - targets: ['zephyrfs-node:8080']
 +    scrape_interval: 30s
 +    metrics_path: '/metrics'
 +    scheme: http
++
 +  - job_name: 'nginx-proxy'
 +    static_configs:
 +      - targets: ['nginx-proxy:80']
 +    scrape_interval: 60s
 +    metrics_path: '/nginx_status'
 +    scheme: http
++
 +  - job_name: 'node-exporter'
 +    static_configs:
 +      - targets: ['node-exporter:9100']
 +    scrape_interval: 30s
++
 +  - job_name: 'cadvisor'
 +    static_configs:
 +      - targets: ['cadvisor:8080']
 +    scrape_interval: 30s
 +    metrics_path: '/metrics'

monitoring/promtail.ymladded

 +server:
 +  http_listen_port: 9080
 +  grpc_listen_port: 0
++
 +positions:
 +  filename: /tmp/positions.yaml
++
 +clients:
 +  - url: http://loki:3100/loki/api/v1/push
++
 +scrape_configs:
 +  - job_name: system
 +    static_configs:
 +      - targets:
 +          - localhost
 +        labels:
 +          job: varlogs
 +          __path__: /var/log/*log
++
 +  - job_name: zephyrfs-web-logs
 +    static_configs:
 +      - targets:
 +          - localhost
 +        labels:
 +          job: zephyrfs-web
 +          service: web-server
 +          __path__: /var/log/web/*.log
++
 +  - job_name: zephyrfs-node-logs
 +    static_configs:
 +      - targets:
 +          - localhost
 +        labels:
 +          job: zephyrfs-node
 +          service: storage-node
 +          __path__: /var/log/node/*.log
++
 +  - job_name: nginx-logs
 +    static_configs:
 +      - targets:
 +          - localhost
 +        labels:
 +          job: nginx
 +          service: proxy
 +          __path__: /var/log/nginx/*.log
++
 +pipeline_stages:
 +  - match:
 +      selector: '{job="zephyrfs-web"}'
 +      stages:
 +        - json:
 +            expressions:
 +              level: level
 +              timestamp: time
 +              message: msg
 +              method: method
 +              url: url
 +              status: statusCode
 +              response_time: responseTime
 +        - labels:
 +            level:
 +            method:
 +            status:
 +        - timestamp:
 +            source: timestamp
 +            format: RFC3339
++
 +  - match:
 +      selector: '{job="nginx"}'
 +      stages:
 +        - regex:
 +            expression: '^(?P<remote_addr>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d+) (?P<body_bytes_sent>\d+) "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)" (?P<response_time>\S+)'
 +        - labels:
 +            method:
 +            status:
 +            remote_addr:
 +        - timestamp:
 +            source: timestamp
 +            format: 02/Jan/2006:15:04:05 -0700

nginx/nginx.confadded

 +user nginx;
 +worker_processes auto;
 +error_log /var/log/nginx/error.log warn;
 +pid /var/run/nginx.pid;
++
 +events {
 +    worker_connections 1024;
 +    use epoll;
 +    multi_accept on;
 +}
++
 +http {
 +    include /etc/nginx/mime.types;
 +    default_type application/octet-stream;
++
 +    # Logging
 +    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 +                    '$status $body_bytes_sent "$http_referer" '
 +                    '"$http_user_agent" "$http_x_forwarded_for" '
 +                    'rt=$request_time uct="$upstream_connect_time" '
 +                    'uht="$upstream_header_time" urt="$upstream_response_time"';
++
 +    access_log /var/log/nginx/access.log main;
++
 +    # Performance settings
 +    sendfile on;
 +    tcp_nopush on;
 +    tcp_nodelay on;
 +    keepalive_timeout 65;
 +    types_hash_max_size 2048;
 +    client_max_body_size 1G;
 +    server_tokens off;
++
 +    # Gzip compression
 +    gzip on;
 +    gzip_vary on;
 +    gzip_min_length 1024;
 +    gzip_proxied any;
 +    gzip_comp_level 6;
 +    gzip_types
 +        text/plain
 +        text/css
 +        text/xml
 +        text/javascript
 +        application/json
 +        application/javascript
 +        application/xml+rss
 +        application/atom+xml
 +        image/svg+xml;
++
 +    # Rate limiting
 +    limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
 +    limit_req_zone $binary_remote_addr zone=auth:10m rate=5r/s;
++
 +    # Upstream backend
 +    upstream web-backend {
 +        server web-client:8080;
 +        keepalive 32;
 +    }
++
 +    # HTTP to HTTPS redirect
 +    server {
 +        listen 80;
 +        listen [::]:80;
 +        server_name _;
++
 +        # Health check endpoint (allow HTTP)
 +        location /health {
 +            return 200 "healthy\n";
 +            add_header Content-Type text/plain;
 +            access_log off;
 +        }
++
 +        # Redirect all other traffic to HTTPS
 +        location / {
 +            return 301 https://$host$request_uri;
 +        }
 +    }
++
 +    # HTTPS server
 +    server {
 +        listen 443 ssl http2;
 +        listen [::]:443 ssl http2;
 +        server_name _;
++
 +        # SSL configuration
 +        ssl_certificate /etc/nginx/ssl/cert.pem;
 +        ssl_certificate_key /etc/nginx/ssl/key.pem;
 +        ssl_session_timeout 1d;
 +        ssl_session_cache shared:SSL:50m;
 +        ssl_session_tickets off;
++
 +        # Modern SSL configuration
 +        ssl_protocols TLSv1.2 TLSv1.3;
 +        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
 +        ssl_prefer_server_ciphers off;
++
 +        # HSTS (optional, uncomment if using a real domain)
 +        # add_header Strict-Transport-Security "max-age=63072000" always;
++
 +        # Security headers
 +        add_header X-Frame-Options DENY always;
 +        add_header X-Content-Type-Options nosniff always;
 +        add_header X-XSS-Protection "1; mode=block" always;
 +        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
 +        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self' ws: wss:; media-src 'self' blob:;" always;
++
 +        # Main application
 +        location / {
 +            proxy_pass http://web-backend;
 +            proxy_http_version 1.1;
 +            proxy_set_header Upgrade $http_upgrade;
 +            proxy_set_header Connection 'upgrade';
 +            proxy_set_header Host $host;
 +            proxy_set_header X-Real-IP $remote_addr;
 +            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +            proxy_set_header X-Forwarded-Proto $scheme;
 +            proxy_cache_bypass $http_upgrade;
 +            proxy_read_timeout 300;
 +            proxy_connect_timeout 300;
 +            proxy_send_timeout 300;
++
 +            # Rate limiting
 +            limit_req zone=api burst=20 nodelay;
 +        }
++
 +        # Authentication endpoints with stricter rate limiting
 +        location ~ ^/api/auth/ {
 +            proxy_pass http://web-backend;
 +            proxy_http_version 1.1;
 +            proxy_set_header Host $host;
 +            proxy_set_header X-Real-IP $remote_addr;
 +            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +            proxy_set_header X-Forwarded-Proto $scheme;
++
 +            # Stricter rate limiting for auth
 +            limit_req zone=auth burst=10 nodelay;
 +        }
++
 +        # Health check
 +        location /health {
 +            access_log off;
 +            return 200 "healthy\n";
 +            add_header Content-Type text/plain;
 +        }
++
 +        # Security: Block access to sensitive files
 +        location ~ /\. {
 +            deny all;
 +            access_log off;
 +            log_not_found off;
 +        }
++
 +        location ~ ^/(package\.json|Dockerfile|docker-compose\.yml)$ {
 +            deny all;
 +            access_log off;
 +            log_not_found off;
 +        }
 +    }
 +}

nginx/production.confadded

 +worker_processes auto;
 +worker_rlimit_nofile 65535;
++
 +events {
 +    worker_connections 4096;
 +    use epoll;
 +    multi_accept on;
 +}
++
 +http {
 +    charset utf-8;
 +    sendfile on;
 +    tcp_nopush on;
 +    tcp_nodelay on;
 +    server_tokens off;
 +    log_not_found off;
 +    types_hash_max_size 4096;
 +    client_max_body_size 1G;
++
 +    # MIME types
 +    include /etc/nginx/mime.types;
 +    default_type application/octet-stream;
++
 +    # Logging
 +    access_log /var/log/nginx/access.log;
 +    error_log /var/log/nginx/error.log warn;
++
 +    # Rate limiting
 +    limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
 +    limit_req_zone $binary_remote_addr zone=upload:10m rate=2r/s;
++
 +    # SSL Configuration
 +    ssl_protocols TLSv1.2 TLSv1.3;
 +    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
 +    ssl_prefer_server_ciphers off;
 +    ssl_session_cache shared:SSL:10m;
 +    ssl_session_timeout 1d;
++
 +    # Security headers
 +    add_header X-Frame-Options "SAMEORIGIN" always;
 +    add_header X-Content-Type-Options "nosniff" always;
 +    add_header X-XSS-Protection "1; mode=block" always;
 +    add_header Referrer-Policy "no-referrer-when-downgrade" always;
 +    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
++
 +    # Gzip compression
 +    gzip on;
 +    gzip_vary on;
 +    gzip_proxied any;
 +    gzip_comp_level 6;
 +    gzip_types
 +        text/plain
 +        text/css
 +        text/xml
 +        text/javascript
 +        application/json
 +        application/javascript
 +        application/xml+rss
 +        application/atom+xml
 +        image/svg+xml;
++
 +    # Upstream backends
 +    upstream web_backend {
 +        least_conn;
 +        server web-server:3000 max_fails=3 fail_timeout=30s;
 +        keepalive 32;
 +    }
++
 +    upstream zephyrfs_node {
 +        server zephyrfs-node:8080 max_fails=3 fail_timeout=30s;
 +        keepalive 16;
 +    }
++
 +    # HTTP to HTTPS redirect
 +    server {
 +        listen 80;
 +        server_name _;
 +        return 301 https://$host$request_uri;
 +    }
++
 +    # Main HTTPS server
 +    server {
 +        listen 443 ssl http2;
 +        server_name _;
++
 +        # SSL certificates
 +        ssl_certificate /etc/nginx/ssl/cert.pem;
 +        ssl_certificate_key /etc/nginx/ssl/key.pem;
++
 +        # Root and index
 +        root /var/www/html;
 +        index index.html;
++
 +        # Health check endpoint
 +        location /health {
 +            access_log off;
 +            return 200 "healthy\n";
 +            add_header Content-Type text/plain;
 +        }
++
 +        # API proxy with rate limiting
 +        location /api/ {
 +            limit_req zone=api burst=20 nodelay;
++
 +            proxy_pass http://web_backend;
 +            proxy_http_version 1.1;
 +            proxy_set_header Upgrade $http_upgrade;
 +            proxy_set_header Connection "upgrade";
 +            proxy_set_header Host $host;
 +            proxy_set_header X-Real-IP $remote_addr;
 +            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +            proxy_set_header X-Forwarded-Proto $scheme;
++
 +            # Timeouts
 +            proxy_connect_timeout 60s;
 +            proxy_send_timeout 60s;
 +            proxy_read_timeout 60s;
++
 +            # Buffer settings
 +            proxy_buffering on;
 +            proxy_buffer_size 4k;
 +            proxy_buffers 8 4k;
 +        }
++
 +        # File upload endpoint with special handling
 +        location /api/files/upload {
 +            limit_req zone=upload burst=5 nodelay;
++
 +            client_max_body_size 1G;
 +            client_body_timeout 300s;
++
 +            proxy_pass http://web_backend;
 +            proxy_http_version 1.1;
 +            proxy_set_header Host $host;
 +            proxy_set_header X-Real-IP $remote_addr;
 +            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +            proxy_set_header X-Forwarded-Proto $scheme;
++
 +            # Extended timeouts for large uploads
 +            proxy_connect_timeout 300s;
 +            proxy_send_timeout 300s;
 +            proxy_read_timeout 300s;
++
 +            # Disable buffering for streaming uploads
 +            proxy_request_buffering off;
 +            proxy_buffering off;
 +        }
++
 +        # WebSocket support
 +        location /ws {
 +            proxy_pass http://web_backend;
 +            proxy_http_version 1.1;
 +            proxy_set_header Upgrade $http_upgrade;
 +            proxy_set_header Connection "upgrade";
 +            proxy_set_header Host $host;
 +            proxy_set_header X-Real-IP $remote_addr;
 +            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +            proxy_set_header X-Forwarded-Proto $scheme;
++
 +            # WebSocket specific settings
 +            proxy_read_timeout 86400s;
 +            proxy_send_timeout 86400s;
 +        }
++
 +        # Direct ZephyrFS node access (internal only)
 +        location /node/ {
 +            internal;
 +            proxy_pass http://zephyrfs_node/;
 +            proxy_http_version 1.1;
 +            proxy_set_header Host $host;
 +            proxy_set_header X-Real-IP $remote_addr;
 +        }
++
 +        # Static files with caching
 +        location / {
 +            try_files $uri $uri/ /index.html;
++
 +            # Cache static assets
 +            location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
 +                expires 1y;
 +                add_header Cache-Control "public, immutable";
 +                add_header Vary "Accept-Encoding";
 +            }
++
 +            # Cache HTML with shorter expiry
 +            location ~* \.html$ {
 +                expires 1h;
 +                add_header Cache-Control "public, no-cache, must-revalidate";
 +            }
 +        }
++
 +        # Monitoring endpoints
 +        location /nginx_status {
 +            stub_status on;
 +            access_log off;
 +            allow 127.0.0.1;
 +            allow 10.0.0.0/8;
 +            allow 172.16.0.0/12;
 +            allow 192.168.0.0/16;
 +            deny all;
 +        }
++
 +        # Security - deny access to sensitive files
 +        location ~ /\. {
 +            deny all;
 +        }
++
 +        location ~ ~$ {
 +            deny all;
 +        }
 +    }
 +}

scripts/deploy.shadded

 +#!/bin/bash
++
 +set -euo pipefail
++
 +DEPLOY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
 +STACK_NAME="zephyrfs"
 +COMPOSE_FILE="$DEPLOY_DIR/deploy/production.yml"
 +ENV_FILE="$DEPLOY_DIR/.env.production"
++
 +log() {
 +    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*"
 +}
++
 +error() {
 +    log "ERROR: $*" >&2
 +    exit 1
 +}
++
 +check_prerequisites() {
 +    log "Checking prerequisites..."
++
 +    command -v docker >/dev/null 2>&1 || error "Docker is not installed"
 +    command -v docker-compose >/dev/null 2>&1 || error "Docker Compose is not installed"
++
 +    if ! docker info >/dev/null 2>&1; then
 +        error "Docker daemon is not running"
 +    fi
++
 +    if ! docker swarm ca >/dev/null 2>&1; then
 +        log "Initializing Docker Swarm..."
 +        docker swarm init
 +    fi
++
 +    if [[ ! -f "$ENV_FILE" ]]; then
 +        error "Environment file not found: $ENV_FILE"
 +    fi
++
 +    log "Prerequisites check passed"
 +}
++
 +build_images() {
 +    log "Building Docker images..."
++
 +    # Build client image
 +    docker build -t zephyrfs/web-client:latest \
 +        -f "$DEPLOY_DIR/client/Dockerfile" \
 +        "$DEPLOY_DIR/client"
++
 +    # Build server image
 +    docker build -t zephyrfs/web-server:latest \
 +        -f "$DEPLOY_DIR/server/Dockerfile" \
 +        "$DEPLOY_DIR/server"
++
 +    log "Images built successfully"
 +}
++
 +setup_secrets() {
 +    log "Setting up Docker secrets..."
++
 +    if ! docker secret inspect jwt_secret >/dev/null 2>&1; then
 +        if [[ -n "${JWT_SECRET:-}" ]]; then
 +            echo "$JWT_SECRET" | docker secret create jwt_secret -
 +        else
 +            openssl rand -base64 32 | docker secret create jwt_secret -
 +        fi
 +        log "JWT secret created"
 +    fi
 +}
++
 +setup_volumes() {
 +    log "Setting up volumes and directories..."
++
 +    local data_path="${DATA_PATH:-/opt/zephyrfs/data}"
 +    local ssl_path="${SSL_CERTS_PATH:-/opt/zephyrfs/ssl}"
++
 +    sudo mkdir -p "$data_path" "$ssl_path"
 +    sudo chown -R 1000:1000 "$data_path"
++
 +    log "Volumes configured"
 +}
++
 +deploy_stack() {
 +    log "Deploying Docker stack..."
++
 +    docker stack deploy \
 +        --compose-file "$COMPOSE_FILE" \
 +        --with-registry-auth \
 +        "$STACK_NAME"
++
 +    log "Stack deployment initiated"
 +}
++
 +wait_for_services() {
 +    log "Waiting for services to be ready..."
++
 +    local max_wait=300
 +    local wait_time=0
++
 +    while [[ $wait_time -lt $max_wait ]]; do
 +        if docker service ls --filter name="${STACK_NAME}_" --format "{{.Replicas}}" | grep -q "0/"; then
 +            log "Services still starting... (${wait_time}s)"
 +            sleep 10
 +            wait_time=$((wait_time + 10))
 +        else
 +            log "All services are running"
 +            return 0
 +        fi
 +    done
++
 +    error "Services failed to start within ${max_wait} seconds"
 +}
++
 +health_check() {
 +    log "Performing health checks..."
++
 +    local endpoints=(
 +        "http://localhost/api/health"
 +        "http://localhost:9090/-/healthy"
 +        "http://localhost:3001/api/health"
 +    )
++
 +    for endpoint in "${endpoints[@]}"; do
 +        if curl -f -s "$endpoint" >/dev/null; then
 +            log "Health check passed: $endpoint"
 +        else
 +            log "WARNING: Health check failed: $endpoint"
 +        fi
 +    done
 +}
++
 +update_stack() {
 +    log "Performing rolling update..."
++
 +    # Update images
 +    build_images
++
 +    # Deploy with updated images
 +    deploy_stack
++
 +    # Wait for rolling update to complete
 +    wait_for_services
++
 +    log "Rolling update completed"
 +}
++
 +rollback_stack() {
 +    log "Rolling back to previous version..."
++
 +    docker service rollback "${STACK_NAME}_web-client"
 +    docker service rollback "${STACK_NAME}_web-server"
++
 +    wait_for_services
++
 +    log "Rollback completed"
 +}
++
 +cleanup() {
 +    log "Cleaning up unused resources..."
++
 +    docker system prune -f
 +    docker volume prune -f
++
 +    log "Cleanup completed"
 +}
++
 +main() {
 +    local action="${1:-deploy}"
++
 +    case "$action" in
 +        deploy)
 +            check_prerequisites
 +            build_images
 +            setup_secrets
 +            setup_volumes
 +            deploy_stack
 +            wait_for_services
 +            health_check
 +            ;;
 +        update)
 +            check_prerequisites
 +            update_stack
 +            health_check
 +            ;;
 +        rollback)
 +            check_prerequisites
 +            rollback_stack
 +            health_check
 +            ;;
 +        cleanup)
 +            cleanup
 +            ;;
 +        *)
 +            echo "Usage: $0 {deploy|update|rollback|cleanup}"
 +            echo ""
 +            echo "Commands:"
 +            echo "  deploy   - Initial deployment or full redeploy"
 +            echo "  update   - Rolling update with zero downtime"
 +            echo "  rollback - Rollback to previous version"
 +            echo "  cleanup  - Clean up unused Docker resources"
 +            exit 1
 +            ;;
 +    esac
++
 +    log "Operation '$action' completed successfully"
 +}
++
 +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
 +    main "$@"
 +fi

scripts/generate-ssl.shadded

 +#!/bin/bash
++
 +# Script to generate self-signed SSL certificates for development
 +# For production, use proper certificates from Let's Encrypt or a CA
++
 +set -e
++
 +SSL_DIR="nginx/ssl"
 +CERT_FILE="$SSL_DIR/cert.pem"
 +KEY_FILE="$SSL_DIR/key.pem"
++
 +echo "Generating self-signed SSL certificate for ZephyrFS..."
++
 +# Create SSL directory if it doesn't exist
 +mkdir -p "$SSL_DIR"
++
 +# Generate private key
 +openssl genrsa -out "$KEY_FILE" 2048
++
 +# Generate certificate signing request
 +openssl req -new -key "$KEY_FILE" -out "$SSL_DIR/cert.csr" -subj "/C=US/ST=State/L=City/O=ZephyrFS/OU=Development/CN=localhost"
++
 +# Generate self-signed certificate
 +openssl x509 -req -days 365 -in "$SSL_DIR/cert.csr" -signkey "$KEY_FILE" -out "$CERT_FILE" -extensions v3_req -extfile <(cat <<EOF
 +[v3_req]
 +keyUsage = keyEncipherment, dataEncipherment
 +extendedKeyUsage = serverAuth
 +subjectAltName = @alt_names
++
 +[alt_names]
 +DNS.1 = localhost
 +DNS.2 = zephyrfs.local
 +DNS.3 = *.zephyrfs.local
 +IP.1 = 127.0.0.1
 +IP.2 = ::1
 +EOF
 +)
++
 +# Clean up CSR
 +rm "$SSL_DIR/cert.csr"
++
 +# Set proper permissions
 +chmod 600 "$KEY_FILE"
 +chmod 644 "$CERT_FILE"
++
 +echo "SSL certificate generated successfully!"
 +echo "Certificate: $CERT_FILE"
 +echo "Private key: $KEY_FILE"
 +echo ""
 +echo "For production deployment:"
 +echo "1. Replace these files with proper certificates from Let's Encrypt or a CA"
 +echo "2. Update the certificate paths in nginx/nginx.conf if needed"
 +echo "3. Ensure proper file permissions (600 for key, 644 for cert)"

scripts/health-check.shadded

 +#!/bin/bash
++
 +set -euo pipefail
++
 +log() {
 +    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*"
 +}
++
 +check_response_time() {
 +    local url="$1"
 +    local max_time="$2"
 +    local name="$3"
++
 +    log "Checking response time for $name..."
++
 +    local response_time
 +    response_time=$(curl -o /dev/null -s -w '%{time_total}' "$url" || echo "999")
++
 +    local response_ms
 +    response_ms=$(echo "$response_time * 1000" | bc)
++
 +    if (( $(echo "$response_time > $max_time" | bc -l) )); then
 +        log "FAIL: $name response time ${response_ms}ms > ${max_time}000ms"
 +        return 1
 +    else
 +        log "PASS: $name response time ${response_ms}ms"
 +        return 0
 +    fi
 +}
++
 +check_service_health() {
 +    local service="$1"
 +    local url="$2"
++
 +    log "Checking health of $service..."
++
 +    if curl -f -s "$url" >/dev/null; then
 +        log "PASS: $service is healthy"
 +        return 0
 +    else
 +        log "FAIL: $service health check failed"
 +        return 1
 +    fi
 +}
++
 +check_docker_services() {
 +    log "Checking Docker services status..."
++
 +    local failed_services=0
++
 +    while IFS= read -r line; do
 +        local service_name=$(echo "$line" | awk '{print $2}')
 +        local replicas=$(echo "$line" | awk '{print $4}')
++
 +        if [[ "$replicas" == *"0/"* ]]; then
 +            log "FAIL: Service $service_name has 0 running replicas"
 +            ((failed_services++))
 +        else
 +            log "PASS: Service $service_name is running ($replicas)"
 +        fi
 +    done < <(docker service ls --filter name="zephyrfs_" --format "table {{.ID}}\t{{.Name}}\t{{.Mode}}\t{{.Replicas}}")
++
 +    return $failed_services
 +}
++
 +run_performance_test() {
 +    log "Running performance test..."
++
 +    local url="http://localhost/api/health"
 +    local concurrent_requests=10
 +    local total_requests=100
++
 +    log "Testing with $concurrent_requests concurrent requests ($total_requests total)..."
++
 +    local output
 +    output=$(ab -n $total_requests -c $concurrent_requests -q "$url" 2>/dev/null || echo "Test failed")
++
 +    if [[ "$output" == "Test failed" ]]; then
 +        log "FAIL: Performance test failed"
 +        return 1
 +    fi
++
 +    local mean_time
 +    mean_time=$(echo "$output" | grep "Time per request:" | head -1 | awk '{print $4}')
++
 +    if [[ -n "$mean_time" ]]; then
 +        log "Mean response time: ${mean_time}ms"
++
 +        if (( $(echo "$mean_time > 500" | bc -l) )); then
 +            log "FAIL: Mean response time exceeds 500ms"
 +            return 1
 +        else
 +            log "PASS: Mean response time is acceptable"
 +            return 0
 +        fi
 +    else
 +        log "FAIL: Could not parse performance test results"
 +        return 1
 +    fi
 +}
++
 +main() {
 +    local failed_tests=0
++
 +    log "Starting comprehensive health check..."
++
 +    # Check Docker services
 +    if ! check_docker_services; then
 +        ((failed_tests++))
 +    fi
++
 +    # Health checks
 +    check_service_health "Web Frontend" "http://localhost/health" || ((failed_tests++))
 +    check_service_health "API Server" "http://localhost/api/health" || ((failed_tests++))
 +    check_service_health "Prometheus" "http://localhost:9090/-/healthy" || ((failed_tests++))
 +    check_service_health "Grafana" "http://localhost:3001/api/health" || ((failed_tests++))
++
 +    # Response time checks (sub-500ms requirement)
 +    check_response_time "http://localhost/" 0.5 "Frontend" || ((failed_tests++))
 +    check_response_time "http://localhost/api/health" 0.5 "API Health" || ((failed_tests++))
 +    check_response_time "http://localhost/api/files" 0.5 "File Listing" || ((failed_tests++))
++
 +    # Performance test
 +    if command -v ab >/dev/null 2>&1; then
 +        run_performance_test || ((failed_tests++))
 +    else
 +        log "WARNING: Apache Bench (ab) not available, skipping performance test"
 +    fi
++
 +    log "Health check completed"
++
 +    if [[ $failed_tests -eq 0 ]]; then
 +        log "SUCCESS: All tests passed"
 +        exit 0
 +    else
 +        log "FAILURE: $failed_tests test(s) failed"
 +        exit 1
 +    fi
 +}
++
 +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
 +    main "$@"
 +fi

server/src/index.tsmodified

  import { registerRoutes } from './routes/index.js';
  import { errorHandler } from './middleware/error-handler.js';
  import { authMiddleware } from './middleware/auth.js';
 +import { performanceMiddleware } from './middleware/performance.js';
 +import { cacheMiddleware } from './middleware/cache.js';
  import { ZephyrFSClient } from './integration/zephyrfs-client.js';
  import path from 'node:path';
  import { fileURLToPath } from 'node:url';
    // Register middleware
    fastify.setErrorHandler(errorHandler);
 +  await fastify.register(performanceMiddleware);
 +  await fastify.register(cacheMiddleware);
    await fastify.register(authMiddleware);
    // Register routes

server/src/middleware/cache.tsadded

 +import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
 +import { createHash } from 'crypto';
++
 +interface CacheEntry {
 +  data: any;
 +  headers: Record<string, string>;
 +  statusCode: number;
 +  timestamp: number;
 +  ttl: number;
 +  size: number;
 +}
++
 +class MemoryCache {
 +  private cache = new Map<string, CacheEntry>();
 +  private maxSize: number;
 +  private currentSize = 0;
 +  private maxEntrySize: number;
 +  private defaultTTL: number;
++
 +  constructor(options: {
 +    maxSize?: number;
 +    maxEntrySize?: number;
 +    defaultTTL?: number;
 +  } = {}) {
 +    this.maxSize = options.maxSize || 100 * 1024 * 1024; // 100MB
 +    this.maxEntrySize = options.maxEntrySize || 10 * 1024 * 1024; // 10MB per entry
 +    this.defaultTTL = options.defaultTTL || 5 * 60 * 1000; // 5 minutes
 +  }
++
 +  set(key: string, data: any, headers: Record<string, string>, statusCode: number, ttl?: number): boolean {
 +    const size = this.estimateSize(data);
++
 +    // Don't cache large entries
 +    if (size > this.maxEntrySize) {
 +      return false;
 +    }
++
 +    // Evict entries if needed
 +    this.evictIfNeeded(size);
++
 +    const entry: CacheEntry = {
 +      data,
 +      headers,
 +      statusCode,
 +      timestamp: Date.now(),
 +      ttl: ttl || this.defaultTTL,
 +      size,
 +    };
++
 +    this.cache.set(key, entry);
 +    this.currentSize += size;
++
 +    return true;
 +  }
++
 +  get(key: string): CacheEntry | null {
 +    const entry = this.cache.get(key);
++
 +    if (!entry) {
 +      return null;
 +    }
++
 +    // Check if expired
 +    if (Date.now() - entry.timestamp > entry.ttl) {
 +      this.delete(key);
 +      return null;
 +    }
++
 +    return entry;
 +  }
++
 +  delete(key: string): boolean {
 +    const entry = this.cache.get(key);
 +    if (entry) {
 +      this.cache.delete(key);
 +      this.currentSize -= entry.size;
 +      return true;
 +    }
 +    return false;
 +  }
++
 +  clear(): void {
 +    this.cache.clear();
 +    this.currentSize = 0;
 +  }
++
 +  getStats() {
 +    return {
 +      entries: this.cache.size,
 +      size: this.currentSize,
 +      maxSize: this.maxSize,
 +      hitRate: this.calculateHitRate(),
 +    };
 +  }
++
 +  private evictIfNeeded(newEntrySize: number): void {
 +    // Use LRU eviction
 +    while (this.currentSize + newEntrySize > this.maxSize && this.cache.size > 0) {
 +      const oldestKey = this.cache.keys().next().value;
 +      if (oldestKey) {
 +        this.delete(oldestKey);
 +      }
 +    }
 +  }
++
 +  private estimateSize(data: any): number {
 +    try {
 +      return JSON.stringify(data).length * 2; // Rough estimate (UTF-16)
 +    } catch {
 +      return 1024; // Default size if can't stringify
 +    }
 +  }
++
 +  private hitRate = 0;
 +  private hits = 0;
 +  private misses = 0;
++
 +  recordHit(): void {
 +    this.hits++;
 +    this.updateHitRate();
 +  }
++
 +  recordMiss(): void {
 +    this.misses++;
 +    this.updateHitRate();
 +  }
++
 +  private updateHitRate(): void {
 +    const total = this.hits + this.misses;
 +    this.hitRate = total > 0 ? (this.hits / total) * 100 : 0;
 +  }
++
 +  private calculateHitRate(): number {
 +    return this.hitRate;
 +  }
 +}
++
 +const cache = new MemoryCache();
++
 +export async function cacheMiddleware(fastify: FastifyInstance) {
 +  // Cache configuration
 +  const cacheConfig = {
 +    // Routes that should be cached
 +    cacheable: [
 +      '/api/files',
 +      '/api/status/network',
 +      '/api/status/node',
 +    ],
 +    // Routes that should never be cached
 +    nocache: [
 +      '/api/auth/',
 +      '/api/files/upload',
 +      '/api/files/bulk/',
 +    ],
 +    // Default TTL for different route patterns
 +    ttl: {
 +      '/api/files': 30 * 1000, // 30 seconds
 +      '/api/status/': 10 * 1000, // 10 seconds
 +    },
 +  };
++
 +  // Pre-handler to check cache
 +  fastify.addHook('preHandler', async (request: FastifyRequest, reply: FastifyReply) => {
 +    // Only cache GET requests
 +    if (request.method !== 'GET') {
 +      return;
 +    }
++
 +    // Check if route should be cached
 +    if (!shouldCacheRoute(request.url, cacheConfig)) {
 +      return;
 +    }
++
 +    const cacheKey = generateCacheKey(request);
 +    const cached = cache.get(cacheKey);
++
 +    if (cached) {
 +      cache.recordHit();
++
 +      // Set cached headers
 +      Object.entries(cached.headers).forEach(([key, value]) => {
 +        reply.header(key, value);
 +      });
++
 +      // Add cache headers
 +      reply.header('X-Cache', 'HIT');
 +      reply.header('X-Cache-Time', new Date(cached.timestamp).toISOString());
++
 +      reply.code(cached.statusCode);
 +      return reply.send(cached.data);
 +    } else {
 +      cache.recordMiss();
 +      reply.header('X-Cache', 'MISS');
 +    }
 +  });
++
 +  // Post-handler to cache responses
 +  fastify.addHook('onSend', async (request: FastifyRequest, reply: FastifyReply, payload: any) => {
 +    // Only cache successful GET requests
 +    if (request.method !== 'GET' || reply.statusCode >= 400) {
 +      return payload;
 +    }
++
 +    // Check if route should be cached
 +    if (!shouldCacheRoute(request.url, cacheConfig)) {
 +      return payload;
 +    }
++
 +    // Don't cache if already cached
 +    if (reply.getHeader('X-Cache') === 'HIT') {
 +      return payload;
 +    }
++
 +    const cacheKey = generateCacheKey(request);
 +    const ttl = getTTLForRoute(request.url, cacheConfig);
++
 +    // Get response headers (excluding some)
 +    const headers: Record<string, string> = {};
 +    const excludeHeaders = ['set-cookie', 'authorization', 'x-cache'];
++
 +    Object.entries(reply.getHeaders()).forEach(([key, value]) => {
 +      if (!excludeHeaders.includes(key.toLowerCase()) && typeof value === 'string') {
 +        headers[key] = value;
 +      }
 +    });
++
 +    // Cache the response
 +    cache.set(cacheKey, payload, headers, reply.statusCode, ttl);
++
 +    return payload;
 +  });
++
 +  // Cache management endpoints
 +  fastify.get('/api/cache/stats', async () => {
 +    return cache.getStats();
 +  });
++
 +  fastify.delete('/api/cache/clear', {
 +    preHandler: fastify.authenticate,
 +  }, async () => {
 +    cache.clear();
 +    return { success: true, message: 'Cache cleared' };
 +  });
++
 +  fastify.delete('/api/cache/invalidate', {
 +    preHandler: fastify.authenticate,
 +    schema: {
 +      querystring: {
 +        type: 'object',
 +        properties: {
 +          pattern: { type: 'string' },
 +        },
 +      },
 +    },
 +  }, async (request: FastifyRequest) => {
 +    const { pattern } = request.query as { pattern?: string };
++
 +    if (!pattern) {
 +      return { success: false, message: 'Pattern is required' };
 +    }
++
 +    let invalidated = 0;
 +    const regex = new RegExp(pattern);
++
 +    for (const key of cache['cache'].keys()) {
 +      if (regex.test(key)) {
 +        cache.delete(key);
 +        invalidated++;
 +      }
 +    }
++
 +    return {
 +      success: true,
 +      message: `Invalidated ${invalidated} cache entries`,
 +      invalidated,
 +    };
 +  });
++
 +  // Periodic cache cleanup
 +  setInterval(() => {
 +    const stats = cache.getStats();
 +    fastify.log.debug({
 +      cache: {
 +        entries: stats.entries,
 +        sizeMB: Math.round(stats.size / 1024 / 1024),
 +        hitRate: Math.round(stats.hitRate * 100) / 100,
 +      },
 +    }, 'Cache statistics');
++
 +    // Force cleanup if cache is getting full
 +    if (stats.size > stats.maxSize * 0.9) {
 +      // Remove oldest 10% of entries
 +      const keysToRemove = Math.floor(stats.entries * 0.1);
 +      let removed = 0;
++
 +      for (const key of cache['cache'].keys()) {
 +        if (removed >= keysToRemove) break;
 +        cache.delete(key);
 +        removed++;
 +      }
++
 +      fastify.log.info({ removedEntries: removed }, 'Cache cleanup performed');
 +    }
 +  }, 60 * 1000); // Check every minute
 +}
++
 +function shouldCacheRoute(url: string, config: any): boolean {
 +  // Check nocache patterns first
 +  for (const pattern of config.nocache) {
 +    if (url.startsWith(pattern)) {
 +      return false;
 +    }
 +  }
++
 +  // Check cacheable patterns
 +  for (const pattern of config.cacheable) {
 +    if (url.startsWith(pattern)) {
 +      return true;
 +    }
 +  }
++
 +  return false;
 +}
++
 +function generateCacheKey(request: FastifyRequest): string {
 +  const url = request.url;
 +  const method = request.method;
 +  const headers = request.headers;
++
 +  // Include relevant headers in cache key
 +  const relevantHeaders = ['accept', 'accept-encoding'];
 +  const headerKey = relevantHeaders
 +    .map(h => `${h}:${headers[h] || ''}`)
 +    .join('|');
++
 +  const keyString = `${method}:${url}:${headerKey}`;
++
 +  return createHash('md5').update(keyString).digest('hex');
 +}
++
 +function getTTLForRoute(url: string, config: any): number {
 +  for (const [pattern, ttl] of Object.entries(config.ttl)) {
 +    if (url.startsWith(pattern)) {
 +      return ttl as number;
 +    }
 +  }
++
 +  return 5 * 60 * 1000; // Default 5 minutes
 +}

server/src/middleware/performance.tsadded

 +import type { FastifyRequest, FastifyReply, FastifyInstance } from 'fastify';
 +import { performance } from 'perf_hooks';
++
 +interface PerformanceMetrics {
 +  requestCount: number;
 +  averageResponseTime: number;
 +  p95ResponseTime: number;
 +  p99ResponseTime: number;
 +  errorRate: number;
 +  activeConnections: number;
 +  memoryUsage: NodeJS.MemoryUsage;
 +  cpuUsage: NodeJS.CpuUsage;
 +  responseTimes: number[];
 +  errors: number;
 +  lastReset: Date;
 +}
++
 +const metrics: PerformanceMetrics = {
 +  requestCount: 0,
 +  averageResponseTime: 0,
 +  p95ResponseTime: 0,
 +  p99ResponseTime: 0,
 +  errorRate: 0,
 +  activeConnections: 0,
 +  memoryUsage: process.memoryUsage(),
 +  cpuUsage: process.cpuUsage(),
 +  responseTimes: [],
 +  errors: 0,
 +  lastReset: new Date(),
 +};
++
 +// Keep last 1000 response times for percentile calculations
 +const MAX_RESPONSE_TIMES = 1000;
++
 +export async function performanceMiddleware(fastify: FastifyInstance) {
 +  // Request timing
 +  fastify.addHook('onRequest', async (request: FastifyRequest) => {
 +    request.startTime = performance.now();
 +    metrics.activeConnections++;
 +  });
++
 +  fastify.addHook('onResponse', async (request: FastifyRequest, reply: FastifyReply) => {
 +    const responseTime = performance.now() - (request.startTime || 0);
++
 +    metrics.requestCount++;
 +    metrics.activeConnections = Math.max(0, metrics.activeConnections - 1);
++
 +    // Track response times
 +    metrics.responseTimes.push(responseTime);
 +    if (metrics.responseTimes.length > MAX_RESPONSE_TIMES) {
 +      metrics.responseTimes.shift();
 +    }
++
 +    // Track errors
 +    if (reply.statusCode >= 400) {
 +      metrics.errors++;
 +    }
++
 +    // Update metrics
 +    updateMetrics();
++
 +    // Log slow requests
 +    if (responseTime > 5000) {
 +      fastify.log.warn({
 +        url: request.url,
 +        method: request.method,
 +        responseTime,
 +        statusCode: reply.statusCode,
 +      }, 'Slow request detected');
 +    }
 +  });
++
 +  fastify.addHook('onError', async (request: FastifyRequest, reply: FastifyReply, error: Error) => {
 +    metrics.errors++;
 +    metrics.activeConnections = Math.max(0, metrics.activeConnections - 1);
 +    updateMetrics();
 +  });
++
 +  // Metrics endpoint
 +  fastify.get('/api/metrics', async () => {
 +    return {
 +      ...metrics,
 +      uptime: process.uptime(),
 +      timestamp: new Date(),
 +    };
 +  });
++
 +  // Health check with performance data
 +  fastify.get('/api/health/detailed', async () => {
 +    const memUsage = process.memoryUsage();
 +    const cpuUsage = process.cpuUsage();
++
 +    return {
 +      status: 'healthy',
 +      performance: {
 +        responseTime: {
 +          average: metrics.averageResponseTime,
 +          p95: metrics.p95ResponseTime,
 +          p99: metrics.p99ResponseTime,
 +        },
 +        throughput: {
 +          requestsPerSecond: calculateRequestsPerSecond(),
 +          activeConnections: metrics.activeConnections,
 +        },
 +        errors: {
 +          rate: metrics.errorRate,
 +          total: metrics.errors,
 +        },
 +        system: {
 +          memory: {
 +            used: memUsage.heapUsed,
 +            total: memUsage.heapTotal,
 +            external: memUsage.external,
 +            rss: memUsage.rss,
 +          },
 +          cpu: {
 +            user: cpuUsage.user,
 +            system: cpuUsage.system,
 +          },
 +          uptime: process.uptime(),
 +        },
 +      },
 +      timestamp: new Date(),
 +    };
 +  });
++
 +  // Start periodic metrics collection
 +  startMetricsCollection(fastify);
 +}
++
 +function updateMetrics() {
 +  if (metrics.responseTimes.length === 0) return;
++
 +  // Calculate average
 +  const sum = metrics.responseTimes.reduce((a, b) => a + b, 0);
 +  metrics.averageResponseTime = sum / metrics.responseTimes.length;
++
 +  // Calculate percentiles
 +  const sorted = [...metrics.responseTimes].sort((a, b) => a - b);
 +  metrics.p95ResponseTime = percentile(sorted, 0.95);
 +  metrics.p99ResponseTime = percentile(sorted, 0.99);
++
 +  // Calculate error rate
 +  metrics.errorRate = metrics.requestCount > 0 ? (metrics.errors / metrics.requestCount) * 100 : 0;
++
 +  // Update system metrics
 +  metrics.memoryUsage = process.memoryUsage();
 +  metrics.cpuUsage = process.cpuUsage();
 +}
++
 +function percentile(sortedArray: number[], p: number): number {
 +  if (sortedArray.length === 0) return 0;
++
 +  const index = Math.ceil(sortedArray.length * p) - 1;
 +  return sortedArray[Math.max(0, index)];
 +}
++
 +function calculateRequestsPerSecond(): number {
 +  const now = new Date();
 +  const timeDiff = (now.getTime() - metrics.lastReset.getTime()) / 1000;
++
 +  if (timeDiff === 0) return 0;
++
 +  return metrics.requestCount / timeDiff;
 +}
++
 +function startMetricsCollection(fastify: FastifyInstance) {
 +  // Reset metrics periodically to prevent memory leaks
 +  setInterval(() => {
 +    // Keep recent data but reset counters
 +    const recentResponseTimes = metrics.responseTimes.slice(-100);
++
 +    metrics.responseTimes = recentResponseTimes;
 +    metrics.requestCount = Math.floor(metrics.requestCount * 0.1); // Keep 10% for trend
 +    metrics.errors = Math.floor(metrics.errors * 0.1);
 +    metrics.lastReset = new Date();
++
 +    updateMetrics();
 +  }, 5 * 60 * 1000); // Reset every 5 minutes
++
 +  // Log metrics periodically
 +  setInterval(() => {
 +    fastify.log.info({
 +      metrics: {
 +        requestCount: metrics.requestCount,
 +        averageResponseTime: Math.round(metrics.averageResponseTime),
 +        p95ResponseTime: Math.round(metrics.p95ResponseTime),
 +        errorRate: Math.round(metrics.errorRate * 100) / 100,
 +        activeConnections: metrics.activeConnections,
 +        memoryUsageMB: Math.round(metrics.memoryUsage.heapUsed / 1024 / 1024),
 +        requestsPerSecond: Math.round(calculateRequestsPerSecond() * 100) / 100,
 +      },
 +    }, 'Performance metrics');
 +  }, 60 * 1000); // Log every minute
 +}
++
 +// Declare module augmentation for request
 +declare module 'fastify' {
 +  interface FastifyRequest {
 +    startTime?: number;
 +  }
 +}
++
 +// Response time tracking for caching decisions
 +export function shouldCache(responseTime: number, statusCode: number): boolean {
 +  // Cache successful responses that are reasonably fast
 +  if (statusCode >= 200 && statusCode < 300) {
 +    return responseTime < 1000; // Cache responses under 1 second
 +  }
++
 +  return false;
 +}
++
 +// Memory pressure detection
 +export function isMemoryPressureHigh(): boolean {
 +  const usage = process.memoryUsage();
 +  const heapUsedMB = usage.heapUsed / 1024 / 1024;
 +  const heapTotalMB = usage.heapTotal / 1024 / 1024;
++
 +  // Consider memory pressure high if heap usage > 80%
 +  return (heapUsedMB / heapTotalMB) > 0.8;
 +}
++
 +// CPU usage detection
 +export function isCpuUsageHigh(): boolean {
 +  const usage = process.cpuUsage();
 +  const totalUsage = usage.user + usage.system;
++
 +  // This is a simplified check - in production you'd want more sophisticated monitoring
 +  return totalUsage > 500000; // 500ms of CPU time indicates high usage
 +}